Opened 14 years ago

Last modified 12 years ago

#7362 new Bug report

Implement correct SSL shutdown on closing connection

Reported by: Hendrik Owned by:
Priority: normal Component: FileZilla Client
Keywords: SSL shutdown Cc:
Component version: Operating system type:
Operating system version:

Description

When using the Filezilla FTP client with explicit SSL/TLS, the connection to the FTP server is closed without regarding the SSL shutdown that is expected by servers implementing TLS.

Before closing the TCP connection, a correct TLS shutdown should be initiated.

Typical error in vsftp implmenting FTP/TLS:
[username] DEBUG: Client "IP", "Connection terminated without SSL shutdown - buggy client?"

Specification for closing TLS connections:

http://www.ietf.org/rfc/rfc2246.txt
7.2.1. Closure alerts

Correct Behaviour for shutdown is important to ensure TLS' resistance against truncation attacks.

Change History (1)

Note: See TracTickets for help on using tickets.