Actually I got some insight from reading the SSL_shutdown man page
https://www.openssl.org/docs/ssl/SSL_shutdown.html.
If you enable quiet_shutdown, the SSL_shutdown will always return with
success. Otherwise, you may need to call SSL_shutdown multiple times
(much as you do with SSL_accept), to get the close_notify handshake
through.
Based on that, I'm assuming the original motivation for using
quiet_shutdown was programming expediency. I'll move on assuming that.
If anyone else has additional insights, I'd appreciate hearing them.
Thanks,
Susan
On 2/5/2015 9:35 AM, Susan Hinrichs wrote:
I'm trying to close out TS-2941.
Because ATS has SSL_CTX_set_quiet_shutdown enabled, it does not send
close_notify before shutting down the SSL connection. This does not
follow the TLS standard and causes the clients to set RSTs.
Can anyone remember why we are explicitly enabling
SSL_CTX_set_quiet_shutdown? If we don't remember why, I'm going to
pull it out so we operate in accordance with the standard.