No CFNetwork API for sending close_notify

Originator: james.walter.matthews
Number: rdar://30559936
Date Originated: 16-Feb-2017 02:02 PM
Status: Open
Resolved:
Product: macOS + SDK
Product Version:
Classification:
Reproducible:

Area:
Networking

Summary:
TLS connections should send a close_notify message to indicate the end of secure communication. Closing the connection without sending a close_notify is indistinguishable, to the server, from a truncation attack. For this reason some server software (e.g. vsFTPd 3.0.3) treats the absence of a close_notify as a security breach. There is currently no CFNetwork API for sending a close_notify.

Steps to Reproduce:
1. Build and run the TLSTool sample application, making a TLS 1.2 connection (e.g. to an SMTP server).
2. After sending some commands or data, type Control-D to close the connection.

Expected Results:
The Mac sends a TLS close_notify before sending a FIN packet.

Actual Results:
No TLS close_notify is sent.
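The expected and actual results above are what a wire-level check sees. As an added example (not part of this radar or of Apple's code), the Go program below drives an in-memory TLS 1.2 session with Go's standard library and inspects the raw record headers on the server side: `run(true)` closes the `tls.Conn`, which writes a close_notify alert (record type 21) before the transport closes, while `run(false)` closes only the transport, the bare-FIN behaviour the report describes. The self-signed certificate is constructed in code; the check relies on TLS 1.2, since TLS 1.3 encrypts the record type and hides alerts from an outside observer.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"io"
	"math/big"
	"net"
	"time"
)
// alertWatcher sits below the server's tls.Conn and parses TLS 1.2 record headers on
// the wire; an alert record (type 21) right before the close is the close_notify.
type alertWatcher struct {
	net.Conn
	hdr      []byte // partial 5-byte record header: type, version(2), length(2)
	skip     int    // payload bytes still to skip in the current record
	sawAlert bool
}
func (w *alertWatcher) Read(p []byte) (int, error) {
	n, err := w.Conn.Read(p)
	for _, b := range p[:n] {
		if w.skip > 0 {
			w.skip--
		} else if w.hdr = append(w.hdr, b); len(w.hdr) == 5 {
			w.sawAlert = w.sawAlert || w.hdr[0] == 21
			w.skip, w.hdr = int(w.hdr[3])<<8|int(w.hdr[4]), w.hdr[:0]
		}
	}
	return n, err
}
// run drives one in-memory TLS 1.2 session (throwaway self-signed cert, constructed here)
// and reports whether the server saw an alert record before the client closed.
func run(sendCloseNotify bool) bool {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	cfg := &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}, MaxVersion: tls.VersionTLS12}
	srvRaw, cliRaw := net.Pipe() // in-memory loopback instead of a TCP socket
	w, out := &alertWatcher{Conn: srvRaw}, make(chan bool, 1)
	go func() { io.Copy(io.Discard, tls.Server(w, cfg)); out <- w.sawAlert }() // handshake, then drain; crypto/tls returns io.EOF for both a close_notify and a bare close
	cli := tls.Client(cliRaw, &tls.Config{InsecureSkipVerify: true}) // test peer; no certificate check
	cli.Write([]byte("QUIT\r\n"))
	if sendCloseNotify {
		cli.Close() // writes the close_notify alert, then closes the transport
	} else {
		cliRaw.Close() // bare close: to the server this looks like a truncation
	}
	return <-out
}
```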

Version:
10.12.2/16C67

Notes:


Configuration:
Mid-2012 Retina MacBook Pro running macOS 10.12.2 Sierra (build 16C67)

Attachments:
