To: EPP Provreg <ietf-provreg@cafax.se>
From: Patrick Mevzek <provreg@contact.dotandco.com>
Date: Tue, 14 Apr 2009 15:11:05 +0200
Content-Disposition: inline
In-Reply-To: <046F43A8D79C794FA4733814869CDF07029FD729@dul1wnexmb01.vcorp.ad.vrsn.com>
Sender: owner-ietf-provreg@cafax.se
User-Agent: Mutt/1.5.18 (2008-05-17)
Subject: Re: [ietf-provreg] AD Review Comments:draft-hollenbeck-rfc4934bis-00

[about TLS & close_notify]

Hollenbeck, Scott <shollenbeck@verisign.com> 2009-04-14 14:14
> I'm reasonably certain
> that this is behavior that's typically buried in a toolkit instead of
> being implemented by an EPP developer, so perhaps that new text should
> be removed from the document.

I agree with you on that.
As James, I'm using a toolkit to deal with SSL stuff (a wrapper around
openssl called IO::Socket::SSL under Perl), I do not know if it does a
TLS_close_notify. Per its documentation, it does do it properly, even
warning not to do a shutdown before a close as it needs to send this TLS
notification on proper shutdown.

Also, most of the time, the connection is first closed by the server,
after the client <logout/> message.

A quick ssldump gives me:

1 8 0.2824 (0.0000) S>CV3.1(992) application_data
1 9 0.2967 (0.0142) C>SV3.1(768) application_data
1 10 0.3632 (0.0664) S>CV3.1(576) application_data
1 11 1.2652 (0.9020) C>SV3.1(336) application_data
1 12 1.3261 (0.0608) S>CV3.1(368) application_data
1 13 1.3261 (0.0000) S>CV3.1(32) Alert
1 1.3261 (0.0000) S>C TCP FIN
1 14 1.3275 (0.0013) C>SV3.1(32) Alert
1 1.3279 (0.0004) C>S TCP RST

The alerts are probably the close_notify.

-- 
Patrick Mevzek
Dot and Co <http://www.dotandco.com/> <http://www.dotandco.net/>
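
An added example, not part of the original message: a small Python parser for ssldump output of the shape quoted above that reports, for each side, whether the last TLS record it sent before its TCP FIN/RST was an Alert. The function and verdict names are assumptions; the records here are encrypted, so the check can show that an Alert preceded the close but not that it was a close_notify.

```python
import re

# Sample input: the ssldump lines quoted in the message above.
SAMPLE = """\
1 8 0.2824 (0.0000) S>CV3.1(992) application_data
1 9 0.2967 (0.0142) C>SV3.1(768) application_data
1 10 0.3632 (0.0664) S>CV3.1(576) application_data
1 11 1.2652 (0.9020) C>SV3.1(336) application_data
1 12 1.3261 (0.0608) S>CV3.1(368) application_data
1 13 1.3261 (0.0000) S>CV3.1(32) Alert
1 1.3261 (0.0000) S>C TCP FIN
1 14 1.3275 (0.0013) C>SV3.1(32) Alert
1 1.3279 (0.0004) C>S TCP RST
"""

# TLS record line: connection, record number, timestamps,
# direction fused with the version, then the content type.
RECORD = re.compile(
    r"^(\d+)\s+\d+\s+[\d.]+\s+\([\d.]+\)\s+([CS])>[CS]V[\d.]+\(\d+\)\s+(\S+)")
# TCP event line: connection, timestamps, direction, FIN or RST.
TCP = re.compile(r"^(\d+)\s+[\d.]+\s+\([\d.]+\)\s+([CS])>[CS]\s+TCP\s+(FIN|RST)")


def closure_report(dump):
    """Return {(connection, sender): verdict} for each side that closed TCP."""
    last = {}    # (connection, sender) -> content type of last record sent
    report = {}
    for line in dump.splitlines():
        line = line.strip()
        m = RECORD.match(line)
        if m:
            last[(m.group(1), m.group(2))] = m.group(3)
            continue
        m = TCP.match(line)
        if m:
            key = (m.group(1), m.group(2))
            # Only the first FIN/RST from a side decides how it closed.
            if key not in report:
                sent_alert = last.get(key) == "Alert"
                report[key] = ("alert-before-close" if sent_alert
                               else "no-alert-before-close")
    return report


if __name__ == "__main__":
    print(closure_report(SAMPLE))
```

A "no-alert-before-close" verdict is the case the close_notify text is meant to address: the peer cannot distinguish a deliberate end of data from a truncated stream.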