When using Openssl as TLS backend, close notify alert is not sent before closing the connection #2221

pjsipbot · 2019-08-28T13:01:05Z

2019-08-28 13:01:05: @trengginas created the issue on trac ticket 2221

Before closing a connection, close notify alert must be sent to avoid truncation attack as stated in rfc5246:


7.2.1.  Closure Alerts

   The client and the server must share knowledge that the connection is
   ending in order to avoid a truncation attack.  Either party may
   initiate the exchange of closing messages.

Currently, the close notify alert is not sent before the connection is closed.

Thanks to Peter Koletzki for the report.

2019-08-28 13:02:55: @trengginas changed status from new to closed

2019-08-28 13:02:55: @trengginas set owner to @trengginas

2019-08-28 13:02:55: @trengginas set resolution to fixed

2019-08-28 13:02:55: @trengginas commented

In r6054:
Fixed #2221: When using Openssl as TLS backend, close notify alert is not sent before closing the connection.

The text was updated successfully, but these errors were encountered:

…rt is not sent before closing the connection. git-svn-id: https://svn.pjsip.org/repos/pjproject/trunk@6054 74dad513-b988-da41-8d7b-12977e46ad98

pjsipbot closed this as completed Aug 28, 2019

pjsipbot added component: pjlib type: bug labels Feb 14, 2020

pjsipbot added this to the release-2.10 milestone Feb 14, 2020

pjsipbot assigned trengginas Feb 14, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

When using Openssl as TLS backend, close notify alert is not sent before closing the connection #2221

When using Openssl as TLS backend, close notify alert is not sent before closing the connection #2221

pjsipbot commented Aug 28, 2019

When using Openssl as TLS backend, close notify alert is not sent before closing the connection #2221

When using Openssl as TLS backend, close notify alert is not sent before closing the connection #2221

Comments

pjsipbot commented Aug 28, 2019