RE: Closing SSL connections

Shaw, George Wed, 18 Apr 2001 10:19:37 -0700
Thanks Greg,

Does this mean that SSL v2 would return a different return code from
SSL_read?  And if not then how can I check for the particular circumstance
of a socket disconnection in this mode.  I'm just trying to get a handle on
how I can support the RFC with SSL v2, it must have been done by others
before now.

G.

-----Original Message-----
From: Greg Stark [mailto:[EMAIL PROTECTED]]
Sent: 18 April 2001 18:14
To: [EMAIL PROTECTED]
Subject: Re: Closing SSL connections


It is safe to treat this as a non-error if you are using SSL version 3 or
higher, but not if you connected with SSL version 2. So do not use SSL v2.

Sending an SSL_shutdown() is the safe way to close the connection, but it
may have performace implications because of the rules OpenSSL uses for
managing session resumption. See the documentation for SSL_set_shutdown()
(http://www.openssl.org/docs/ssl/SSL_set_shutdown.html#) for some hints of
what to do.

_____________________________________
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_____________________________________



----- Original Message -----
From: "Shaw, George" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, April 18, 2001 12:38 PM
Subject: Closing SSL connections


> Hi,
>
> I'm working with an HTTP application, and according to the RFC when
sending
> the HTTP response it is permissible to signal the end of the response by
> closing the socket (rather than using the Content-Length header).
>
> When implementing the HTTP client using SSL, SSL_read will return
> SSL_ERROR_ZERO_RETURN. Is it safe to treat this as a non-error.  i.e.
there
> are no other circumstances in which this return code will signal a true
> error?
>
> When implementing the HTTP server using SSL, is it safe to issue an
> SSL_shutdown and a socket disconnect while the client is listening?
>
> Thanks,
>
> G.
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
RE: Closing SSL connections

Reply via email to
