SecureTransport's SSLClose() marks the connection as closed for reading and writing.
| Originator: | martin.baulig | | |
| Number: | rdar://34167402 | Date Originated: | 08/30/2017 |
| Status: | Resolved: | | |
| Product: | macOS + SDK | Product Version: | 10.2.5 |
| Classification: | Bug | Reproducible: | Always |
Area: Networking

Summary: When you call SecureTransport's SSLClose() method, it will send the close_notify alert and then flag the connection as closed for reading and writing. Subsequent calls to SSLRead() will immediately return errSSLClosedGraceful without actually reading anything. This is a problem if the remote sends a close_notify alert back - as required by section 7.2.1 of the TLS 1.2 spec (RFC 5246) - and you want to reuse the underlying transport. Other TLS 1.2 implementations such as OpenSSL or BoringSSL allow reading after shutdown - and the read returns "closed gracefully" after the close_notify reply has been received.

Steps to Reproduce:
1. Use SecureTransport to establish a secure connection to a TLS 1.2 server.
2. Make sure that upon receiving a close_notify alert, the server sends a close_notify back (SecureTransport does that).
3. Wait until the server has sent some data.
4. Call SSLClose(), then SSLRead().

Expected Results: SSLClose() should only mark the connection as closed for writing, but still allow reading. SSLRead() should read everything the server sent - including the close_notify - then return errSSLClosedGraceful.

Observed Results: SSLRead() returns immediately with errSSLClosedGraceful, without actually reading anything.

Version: 10.12.5

Notes: This makes it impossible to reuse the underlying transport as there is no way of reading the server's (encrypted) close_notify reply.