In a message written on Tue, Feb 02, 2021 at 10:44:34AM -0500, Curtis Maurand wrote:
> Jumping in as an observer with 25 years of admin experience with
> public facing equipment and servers. This problem seems more of a
> problem with the tls libraries.

I violently agree with this statement.

https://github.com/openssl/openssl/issues/13976 is the support ticket where the OpenSSL folks helped me work out the proper clean shutdown behavior and associated error handling. Legacy bugs, and plenty of special cases to properly close a TLS connection _and_ indicate all of the possible errors clearly to the admin. It's far from clearly documented.

However, when I implemented the patches on my sendmail server I went from seeing 7% of the client connections close properly to seeing ~45% of the connections close properly. There are clearly MTAs out there doing a full clean shutdown.

And while I support fixing the TLS libraries, the OpenSSL link to do that is above. Until those libraries are improved, applications that use them just have to deal with the mess they have made.

--
Leo Bicknell - bickn...@ufp.org
PGP keys at http://www.ufp.org/~bicknell/