[PATCH] SSL: shutdown cleanly when other endpoint starts shutdown
Maxim Dounin
mdounin at mdounin.ru
Wed Dec 9 13:34:20 UTC 2015
Hello!
On Tue, Dec 08, 2015 at 01:21:41PM -0800, Judson Wilson wrote:
> > As far as I understand, just looking for TCP FIN should be good
> > enough for this task.
>
> TCP FIN can not be authenticated. A man in the middle can make one.
The same is true for close_notify with your patch. Just keeping
in mind that no close_notify means that the response may be
truncated should work. Note well that if it's the client who closes
the connection it's likely that the response is truncated (or the
HTTP layer has enough information to check that it wasn't).
--
Maxim Dounin
http://nginx.org/
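
The check the message above refers to, where the HTTP layer decides whether a response was truncated, sketched as an added example (not code from this thread or from nginx). The function names and sample responses are constructed, and it assumes a response that is expected to carry a body.

```python
def _chunked_complete(body: bytes) -> bool:
    """True if a chunked body reaches its terminating zero-size chunk."""
    pos = 0
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            return False                      # chunk-size line cut off
        try:
            size = int(body[pos:eol].split(b";")[0].strip(), 16)
        except ValueError:
            return False
        if size < 0:
            return False
        if size == 0:
            # last chunk: optional trailers, then an empty line
            return b"\r\n\r\n" in body[eol:]
        pos = eol + 2 + size + 2              # skip chunk data and its CRLF
        if pos > len(body):
            return False                      # chunk data cut off


def body_status(raw: bytes, got_close_notify: bool) -> str:
    """Classify a response read until the connection ended.

    Returns 'complete', 'truncated' or 'unknown'.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return "truncated"                    # headers never finished
    headers = {}
    for line in head.split(b"\r\n")[1:]:      # skip the status line
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    if b"chunked" in headers.get(b"transfer-encoding", b"").lower():
        return "complete" if _chunked_complete(body) else "truncated"
    if b"content-length" in headers:
        try:
            expected = int(headers[b"content-length"])
        except ValueError:
            return "unknown"
        return "complete" if len(body) >= expected else "truncated"
    # Close-delimited body: HTTP framing says nothing about the length,
    # so without close_notify the response may have been truncated.
    return "complete" if got_close_notify else "unknown"


# Constructed sample: Content-Length promises 10 bytes, only 5 arrived.
SHORT = b"HTTP/1.1 200 OK\r\nContent-Length: 10\r\n\r\nhello"
print(body_status(SHORT, got_close_notify=False))
```
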