crypto/tls: safely shutdown #29462
Labels: NeedsInvestigation
Does this issue reproduce with the latest release?
Yes
Safely and reliably shutting down an SSL transport while keeping the underlying connection still open is not supported by the API in an intuitive way. I have posted this question on stackoverflow here: https://stackoverflow.com/questions/53825725/how-to-safely-shutdown-ssl-connection
But to repeat the question:
Using Go, how can a tls.Conn be safely shut down without entirely closing the underlying connection? I have a working solution, but I am not sure if there is a better way.
In my application I have a non-SSL connection that is eventually 'upgraded' to an SSL connection. Then at some point the SSL connection should be closed cleanly, and the connection should return to the non-SSL version (where unencrypted traffic can be sent between the two parties).
This works because if a closeNotify alert record is received then c.readRecord in crypto/tls/conn.go will return an error value, and will not read any bytes (so presumably the byte array could have been any size). This is a bit confusing from a user's point of view. It would be preferable to have an API like ssl.Shutdown() that internally maybe does
Or maybe there is a better way to cleanly shut down, but that is for the library writers to decide.
I realize it is a bit strange to want to shut down an SSL transport and continue to use the underlying connection, but that is the constraint I am working under.
If it is helpful I can provide a small working example.
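The shutdown described in this issue, as an added example that is not the issue author's code: it uses tls.Conn.CloseWrite, which sends a close_notify alert without closing the underlying net.Conn (tls.Conn.Close would close it), and shows the receiving side getting io.EOF from Read while the net.Conn stays usable for plaintext afterwards. Assumptions: an in-memory net.Pipe instead of a real socket, a self-signed certificate generated on the fly, and a fixed message order in which neither side sends plaintext until it has seen the peer's close_notify. That ordering matters because a tls.Conn reads ahead from the underlying connection into its own record buffer, so plaintext sent too early can be swallowed there instead of arriving on the bare net.Conn. A second caveat the example handles: CloseWrite leaves an expired write deadline on the underlying net.Conn so that later TLS writes fail, and that deadline has to be cleared before the conn is reused.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// selfSignedCert builds a throwaway "localhost" certificate (constructed for this
// example) so the client verifies it normally instead of using InsecureSkipVerify.
func selfSignedCert() (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{"localhost"},
		NotAfter:     time.Now().Add(24 * time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, _ := x509.ParseCertificate(der) // der was produced just above, so it parses
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, pool, nil
}

func readOne(r io.Reader) (string, error) { // one Read call, returning what it produced
	buf := make([]byte, 256)
	n, err := r.Read(buf)
	return string(buf[:n]), err
}

// expectCloseNotify requires io.EOF, which is how crypto/tls reports a received close_notify.
func expectCloseNotify(tc *tls.Conn) error {
	if data, err := readOne(tc); err != io.EOF {
		return fmt.Errorf("want io.EOF for close_notify, got %q, %v", data, err)
	}
	return nil
}

func runSteps(steps ...func() error) error { // run in order, stop at the first error
	for _, step := range steps {
		if err := step(); err != nil {
			return err
		}
	}
	return nil
}

// Downgrade: one TLS message, close_notify both ways via CloseWrite, then plaintext on the same
// net.Pipe ends. TLS 1.2 is pinned because the synchronous net.Pipe can deadlock on TLS 1.3 tickets.
func Downgrade() (srvGotTLS, srvGotRaw, cliGotRaw string, err error) {
	cert, pool, err := selfSignedCert()
	if err != nil {
		return
	}
	cliRaw, srvRaw := net.Pipe()
	ts := tls.Server(srvRaw, &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12, MaxVersion: tls.VersionTLS12})
	tc := tls.Client(cliRaw, &tls.Config{RootCAs: pool, ServerName: "localhost", MinVersion: tls.VersionTLS12, MaxVersion: tls.VersionTLS12})
	errc := make(chan error, 1)
	go func() { // server side
		errc <- runSteps(
			ts.Handshake,
			func() (e error) { srvGotTLS, e = readOne(ts); return },
			func() error { return expectCloseNotify(ts) }, // client is done sending over TLS
			ts.CloseWrite,                                 // our close_notify; srvRaw stays open
			func() error { return srvRaw.SetWriteDeadline(time.Time{}) }, // CloseWrite left it expired
			func() (e error) { srvGotRaw, e = readOne(srvRaw); return },
			func() error { _, e := srvRaw.Write([]byte("plaintext ack")); return e },
		)
		srvRaw.Close() // also unblocks the client if the server failed early
	}()
	err = runSteps( // client side
		tc.Handshake,
		func() error { _, e := tc.Write([]byte("secret over tls")); return e },
		tc.CloseWrite, // sends close_notify; unlike Close, cliRaw stays open
		func() error { return cliRaw.SetWriteDeadline(time.Time{}) }, // same deadline fix as the server
		func() error { return expectCloseNotify(tc) }, // server is done too: plaintext is safe now
		func() error { _, e := cliRaw.Write([]byte("back to plaintext")); return e },
		func() (e error) { cliGotRaw, e = readOne(cliRaw); return },
	)
	cliRaw.Close() // also unblocks the server if the client failed early
	if serr := <-errc; err == nil {
		err = serr
	}
	return
}
```

Downgrade() is the entry point (call it from a main or a test); it returns what each side received so the caller can check that "secret over tls" arrived through the tls.Conn and that both plaintext messages arrived on the bare net.Conn afterwards. Over a real TCP connection the same ordering rule applies, and the deadline reset is still needed after CloseWrite.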