No CFNetwork API for sending close_notify
Date Originated: 16-Feb-2017 02:02 PM
Product: macOS + SDK
TLS connections should send a close_notify message to indicate the end of secure communication. Closing the connection without sending a close_notify is indistinguishable, to the server, from a truncation attack. For this reason some server software (e.g. vsFTPd 3.0.3) treats the absence of a close_notify as a security breach. There is currently no CFNetwork API for sending a close_notify.
Steps to Reproduce:
1. Build and run the TLSTool sample application, making a TLS 1.2 connection (e.g. to an SMTP server).
2. After sending some commands or data, type Control-D to close the connection.
Expected Results:
The Mac sends a TLS close_notify before sending a FIN packet.
Actual Results:
No TLS close_notify is sent.
Mid-2012 Retina MacBook Pro running macOS 10.12.2 Sierra (build 16C67)
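An added example, not part of the original report or of the TLSTool sample: one way to check the expected and actual results above from a packet capture, by walking the TLS record headers the client sent and looking at the last record before the FIN. It assumes the client-to-server TCP payload of the TLS 1.2 connection has already been reassembled into bytes; the function names and the sample streams are constructed for illustration.

```python
import struct

# TLS record content types (RFC 5246, section 6.2.1)
ALERT, APPLICATION_DATA = 21, 23


def parse_records(stream: bytes):
    """Walk the 5-byte TLS record headers of a one-direction byte stream.

    Returns (records, leftover). Each record is (content_type, version,
    length); leftover > 0 means the stream ended in the middle of a record.
    """
    records, pos = [], 0
    while pos + 5 <= len(stream):
        ctype, version, length = struct.unpack_from("!BHH", stream, pos)
        if pos + 5 + length > len(stream):
            break  # header present, body cut short
        records.append((ctype, version, length))
        pos += 5 + length
    return records, len(stream) - pos


def classify_close(stream: bytes) -> str:
    """Classify how the sender's half of the connection ended."""
    records, leftover = parse_records(stream)
    if leftover:
        return "truncated-mid-record"
    if records and records[-1][0] == ALERT:
        # After the handshake the alert body is encrypted, so the capture
        # shows only that an alert was sent, not which one. An alert as the
        # final record is what a close_notify looks like on the wire.
        return "alert-before-fin"
    return "no-alert-before-fin"


def record(ctype: int, payload: bytes) -> bytes:
    """Build a constructed TLS 1.2 record (version 0x0303) for the samples."""
    return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload


# Constructed sample streams; the zero bytes stand in for ciphertext.
APP = record(APPLICATION_DATA, b"\x00" * 40)
ENCRYPTED_ALERT = record(ALERT, b"\x00" * 26)
CLEAN_CLOSE = APP + ENCRYPTED_ALERT      # the expected result
ABRUPT_CLOSE = APP                       # the actual result reported here
CUT_STREAM = APP + ENCRYPTED_ALERT[:7]   # FIN arrived inside a record

if __name__ == "__main__":
    for name in ("CLEAN_CLOSE", "ABRUPT_CLOSE", "CUT_STREAM"):
        print(name, "->", classify_close(globals()[name]))
```

From the server's side, the "no-alert-before-fin" and "truncated-mid-record" cases are the ones it cannot tell apart from a truncation attack.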