[tpop3d-discuss] ioabs_tls_shutdown message

Chris Lightfoot chris at ex-parrot.com
Sat, 6 Sep 2003 17:20:41 +0100


On Sat, Sep 06, 2003 at 02:54:31PM +0200, Jakob Hirsch wrote:
> Hi,
> 
> when using tls I get this message at the end of a session:
> 
> ioabs_tls_shutdown: client [9]jhirsch@netlight.de(145.253.131.121):
> underlying connection closed by peer during shutdown
> 
> Everything seems to be ok, I was just wondering. Maybe this message is
> related to openssl (running 0.9.6b on a Redhat 7.x box).

Probably a Microsoft client bug.

When you shut down a TLS connection, you're supposed to
negotiate the shutdown over the encrypted channel. If you
regard it as OK just to terminate the underlying TCP
connection, then you open yourself to an attack by an
intermediate sending a forged RST or FIN segment.
Unfortunately MS Windows gets this wrong and just drops
the connection. Arguably we shouldn't warn about this but
I haven't special-cased the error code in ioabs_tls.c;
doing so is now on the `to-do' list.

-- 
British Left Waffles on Falkland Islands (newspaper headline)
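
The point about negotiating the shutdown inside the encrypted channel can be shown with a small model. It is an added illustration, not part of the original message, not tpop3d's ioabs_tls.c and not TLS itself. The record format, the key and the names `seal` and `receive` are constructed for the example: the receiver accepts end-of-session only from a MAC-protected close record, so a bare TCP EOF is reported as truncation.

```python
import hashlib
import hmac
import struct

DATA, CLOSE = 0x17, 0x15  # TLS's application_data/alert numbers; the format is constructed
TAG_LEN = 32              # HMAC-SHA256 output size

def _tag(key, seq, header, payload):
    # The sequence number is MACed so records cannot be dropped or reordered.
    return hmac.new(key, struct.pack("!Q", seq) + header + payload, hashlib.sha256).digest()

def seal(key, seq, rtype, payload=b""):
    """One record: type (1) | length (2) | payload | tag (32)."""
    header = struct.pack("!BH", rtype, len(payload))
    return header + payload + _tag(key, seq, header, payload)

def receive(key, stream):
    """Read everything that arrived before TCP EOF; return (status, data).

    Only an authenticated CLOSE record yields "clean". A bare EOF is "truncated":
    a forged FIN/RST and a peer that just drops the connection look identical.
    """
    data, seq, pos = b"", 0, 0
    while len(stream) - pos >= 3:
        header = stream[pos:pos + 3]
        rtype, length = struct.unpack("!BH", header)
        end = pos + 3 + length + TAG_LEN
        if end > len(stream):
            break                                  # EOF in the middle of a record
        payload, tag = stream[pos + 3:end - TAG_LEN], stream[end - TAG_LEN:end]
        if not hmac.compare_digest(tag, _tag(key, seq, header, payload)):
            return "forged", data                  # not produced by the key holder
        if rtype == CLOSE:
            return "clean", data
        data += payload
        seq, pos = seq + 1, end
    return "truncated", data

# Constructed sample session: two POP3 commands, then an in-band close.
KEY = b"constructed demo key"
RECORDS = [seal(KEY, 0, DATA, b"RETR 1\r\n"),
           seal(KEY, 1, DATA, b"DELE 1\r\n"),
           seal(KEY, 2, CLOSE)]

if __name__ == "__main__":
    print(receive(KEY, b"".join(RECORDS)))      # full stream
    print(receive(KEY, b"".join(RECORDS[:2])))  # connection cut before the close record
```

A receiver built this way cannot tell a client that skips the close record from an interrupted session, which is why the server logs the condition instead of treating it as a normal end.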