[PATCH] SSL: shutdown cleanly when other endpoint starts shutdown

Maxim Dounin mdounin at mdounin.ru
Wed Dec 9 13:34:20 UTC 2015


Hello!

On Tue, Dec 08, 2015 at 01:21:41PM -0800, Judson Wilson wrote:

> > As far as I understand, just looking for TCP FIN should be good
> > enough for this task.
> 
> TCP FIN can not be authenticated. A man in the middle can make one.

The same is true for close_notify with your patch.  Just keeping 
in mind that no close_notify means that the response may be 
truncated should work.  Note well that if it's the client who closes 
the connection it's likely that the response is truncated (or the 
HTTP layer has enough information to check that it wasn't).

-- 
Maxim Dounin
http://nginx.org/
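
[Added example, not part of the original message and not nginx code.] A sketch of the check described above: use HTTP framing to decide whether a response is complete, and fall back on close_notify only when the body is delimited by connection close. The function names, status strings and sample responses are constructed, and the close-delimited case assumes the TLS stack authenticated the close_notify alert it reports.

```python
# Added example; function names and sample responses are constructed.

def chunked_done(body: bytes) -> bool:
    """True if a chunked body reaches its terminating zero-size chunk."""
    pos = 0
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            return False
        try:
            size = int(body[pos:eol].split(b";")[0], 16)  # drop chunk extensions
        except ValueError:
            return False
        if size < 0:
            return False
        if size == 0:
            rest = body[eol + 2:]  # optional trailers, then a blank line
            return rest == b"\r\n" or rest.endswith(b"\r\n\r\n")
        pos = eol + 2 + size
        if body[pos:pos + 2] != b"\r\n":
            return False  # chunk data or its closing CRLF is missing
        pos += 2

def body_status(raw: bytes, saw_close_notify: bool) -> str:
    """Return 'complete', 'truncated' or 'possibly-truncated'."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return "truncated"  # header block never finished
    headers = {}
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    if b"chunked" in headers.get(b"transfer-encoding", b"").lower():
        return "complete" if chunked_done(body) else "truncated"
    length = headers.get(b"content-length", b"")
    if length.isdigit():
        return "complete" if len(body) >= int(length) else "truncated"
    # Close-delimited body: HTTP cannot tell, so only close_notify helps
    # (assumption: the alert was authenticated by the TLS stack).
    return "complete" if saw_close_notify else "possibly-truncated"

# Constructed sample responses.
FULL_CL = b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"
CUT_CL = b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhel"
CUT_CHUNKED = b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n"
UNFRAMED = b"HTTP/1.0 200 OK\r\nContent-Type: text/plain\r\n\r\nhello"
```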



More information about the nginx-devel mailing list