Opened 3 months ago

Closed 2 months ago

#2056 closed defect (fixed)

TLS ALert "close_notify" missing

Reported by: rudirodi@… Owned by:
Priority: minor Milestone:
Component: documentation Version: 1.17.x
Keywords: close_notify, alert, post Cc:
uname -a: Linux ubuntu-2gb-nbg1-1 4.15.0-70-generic #79-Ubuntu SMP Tue Nov 12 10:36:11 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: 1.15.8 and 1.17.8

Description (last modified by rudirodi@…)

nginx Version: 1.15.8 and 1.17.8

WHEN:

Request Method: POST
any POST body is sent
NGINX returns 403

THEN:
NGINX is not sending a close_notify Alert to close the connection.

Why it looks like a bug:

When no POST Body is included in the request the close_notify is sent.

Change History (3)

comment:1 by rudirodi@…, 3 months ago

Description: modified (diff)

comment:2 by Ruslan Ermilov <ru@…>, 2 months ago

In 7738:554c6ae25ffc/nginx:

SSL: fixed non-working SSL shutdown on lingering close.

When doing lingering close, the socket was first shut down for writing,
so SSL shutdown initiated after lingering close was not able to send
the close_notify alerts (ticket #2056).

The fix is to call ngx_ssl_shutdown() before shutting down the socket.

comment:3 by Ruslan Ermilov, 2 months ago

Resolution: fixed
Status: newclosed
Note: See TracTickets for help on using tickets.