
[iaik-ssl] Configuration options on closure alert

According to the TLS 1.0 spec, the side initiating the closing of a connection must send a closure alert. The end receiving a closure alert MAY send an acknowledgement closure alert before the TCP connection is shut down.

Unfortunately, there are a number of implementations around that violate the spec, i.e. no closure alert is sent before the TCP connection is shut down. Most notable are perhaps Microsoft IIS and Netscape Enterprise Server.

iSaSiLk 3.0 beta 2 throws a java.io.EOFException if the peer closes the TCP connection without sending a closure alert. Presently there is no way in the iSaSiLk API to differentiate between the case when the TCP connection was shut down gracefully but no closure alert was sent, and the case when the TCP circuit was reset. This makes error handling very difficult in environments where, for instance, IIS or Netscape Enterprise Server are present.

I would prefer that a different exception was thrown if no closure alert was sent before a connection is closed. For instance, one could introduce a subclass of iaik.security.ssl.SSLException.


 <<Roger Bodén (QTX).vcf>>
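
The distinction requested above, sketched as an added example that is not part of the original post and not iSaSiLk code: a minimal record reader that reports a missing closure alert separately from a stream cut mid-record or a transport error. The class and exception names are hypothetical, and the sample records are constructed with plaintext bodies; a real stack would make the same decision in its record layer after decryption.

```java
import java.io.*;

public class CloseClassifier {
    // Hypothetical exception (the name is an assumption): the peer's TCP stream
    // ended on a record boundary, but no close_notify alert was ever received.
    static class MissingCloseNotifyException extends IOException {
        MissingCloseNotifyException(String msg) { super(msg); }
    }

    static final int APPLICATION_DATA = 23, ALERT = 21, CLOSE_NOTIFY = 0;
    // Reads TLS records until close_notify; returns the application bytes received.
    static int drain(InputStream in) throws IOException {
        DataInputStream d = new DataInputStream(in);
        int appBytes = 0;
        while (true) {
            int type = d.read();                 // -1: EOF exactly between records
            if (type < 0)
                throw new MissingCloseNotifyException("EOF after " + appBytes + " bytes");
            d.readUnsignedShort();               // version; EOFException if header is cut
            byte[] body = new byte[d.readUnsignedShort()];
            d.readFully(body);                   // EOFException if record body is cut
            if (type == ALERT && body.length == 2 && body[1] == CLOSE_NOTIFY)
                return appBytes;                 // orderly TLS-level shutdown
            if (type == APPLICATION_DATA) appBytes += body.length;
        }
    }

    static String classify(byte[] wire) {
        try {
            return "closure alert received, " + drain(new ByteArrayInputStream(wire)) + " bytes";
        } catch (MissingCloseNotifyException e) {
            return "TCP closed without closure alert (" + e.getMessage() + ")";
        } catch (EOFException e) {
            return "stream cut inside a record";
        } catch (IOException e) {                // e.g. SocketException on a TCP reset
            return "transport error: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Constructed TLS 1.0 (0x0301) records with plaintext bodies.
        byte[] withAlert = {23, 3, 1, 0, 2, 'h', 'i', 21, 3, 1, 0, 2, 1, 0};
        byte[] noAlert   = {23, 3, 1, 0, 2, 'h', 'i'};
        byte[] cutShort  = {23, 3, 1, 0, 5, 'h', 'i'};
        System.out.println(classify(withAlert));
        System.out.println(classify(noAlert));
        System.out.println(classify(cutShort));
    }
}
```

A caller that must interoperate with servers that skip the closure alert can catch the dedicated exception and then decide from application-level framing (for example a declared content length) whether the data received is complete.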