Opened 14 years ago
Last modified 12 years ago
#7362 new Bug report
Implement correct SSL shutdown on closing connection
Reported by: | Hendrik | Owned by: | |
---|---|---|---|
Priority: | normal | Component: | FileZilla Client |
Keywords: | SSL shutdown | Cc: | |
Component version: | Operating system type: | ||
Operating system version: |
Description
When using the Filezilla FTP client with explicit SSL/TLS, the connection to the FTP server is closed without regarding the SSL shutdown that is expected by servers implementing TLS.
Before closing the TCP connection, a correct TLS shutdown should be initiated.
Typical error in vsftp implmenting FTP/TLS:
[username] DEBUG: Client "IP", "Connection terminated without SSL shutdown - buggy client?"
Specification for closing TLS connections:
http://www.ietf.org/rfc/rfc2246.txt
7.2.1. Closure alerts
Correct Behaviour for shutdown is important to ensure TLS' resistance against truncation attacks.
https://forum.filezilla-project.org/viewtopic.php?t=28344