No CFNetwork API for sending close_notify
Number:rdar://30559936 Date Originated:16-Feb-2017 02:02 PM
Status:Open Resolved:
Product:macOS + SDK Product Version:
Classification: Reproducible:

TLS connections should send a close_notify message to indicate the end of secure communication. Closing the connection without sending a close_notify is indistinguishable, to the server, from a truncation attack. For this reason some server software (e.g. vsFTPd 3.0.3) treats the absence of a close_notify as a security breach. There is currently no CFNetwork API for sending a close_notify.

Steps to Reproduce:
1. Build and run the TLSTool sample application, making a TLS 1.2 connection (e.g. to an SMTP server).
2. After sending some commands or data, type Control-D to close the connection

Expected Results:
The Mac sends a TLS close_notify before sending a FIN packet.

Actual Results:
No TLS close_notify is sent.



Mid-2012 Retina MacBook Pro running macOS 10.12.2 Sierra (build 16C67)



Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!