On Fri, Jun 10, 2022 at 02:55:24PM +0200, Gerben Wierda wrote:

> > which links to https://github.com/openssl/openssl/issues/11378.
> > The latter had a breaking fix, backed it out for OpenSSL 1.1.1, but
> > kept it in the branch that became OpenSSL 3.
>
> So basically, the sender doesn’t properly close the SSL protocol,
> their MTA is using an SSL which isn’t properly implemented.

No, the sending application tears down the TLS connections abruptly,
without calling SSL_shutdown(); it is free to do so, and also the TCP
connection can terminate before the "close_notify" alert is received.
This is expected to happen some of the time, not an SSL library bug.

Many application protocols (e.g. SMTP) have some sort of explicit
message framing, and are resilient against message truncation at
connection close.

-- 
    Viktor.
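
The framing point above, as an added example that is not part of the original message and is not code from OpenSSL or any MTA: a simplified receiver-side parser that decides, from the bytes read before an abrupt EOF (no "close_notify"), whether any SMTP message was cut short. The function name and the sample sessions are constructed for illustration; it models only the classic DATA command (no BDAT/CHUNKING, no server replies).

```python
# Added illustration: receiver-side SMTP framing check (RFC 5321 DATA).
# Names and sample sessions are constructed; this is not any MTA's own code.

def parse_smtp_stream(stream: bytes):
    """Return (complete_messages, state_at_eof) for client bytes read before EOF.

    state_at_eof: 'idle' (nothing lost), 'partial-command' or 'partial-data'.
    """
    messages, pos, in_data = [], 0, False
    while pos < len(stream):
        if not in_data:
            end = stream.find(b"\r\n", pos)
            if end == -1:
                return messages, "partial-command"  # command line cut off by EOF
            in_data = stream[pos:end].strip().upper() == b"DATA"
            pos = end + 2
        else:
            # A body is complete only at the explicit <CRLF>.<CRLF> terminator.
            # Search from pos - 2 so the CRLF ending the DATA line can serve
            # as the terminator's leading CRLF (empty body).
            end = stream.find(b"\r\n.\r\n", pos - 2)
            if end == -1:
                return messages, "partial-data"  # truncated body: discard it
            body = stream[pos:end + 2]
            # Undo dot-stuffing: a leading '.' on a body line was doubled.
            lines = [l[1:] if l.startswith(b".") else l
                     for l in body.split(b"\r\n")]
            messages.append(b"\r\n".join(lines))
            pos, in_data = end + 5, False
    return messages, "partial-data" if in_data else "idle"

# Constructed session: full message, then the connection drops without QUIT.
COMPLETE = (b"EHLO a.example\r\nMAIL FROM:<a@a.example>\r\n"
            b"RCPT TO:<b@b.example>\r\nDATA\r\n"
            b"Subject: hi\r\n\r\n..dot line\r\nbye\r\n.\r\n")
# Same session cut off before the terminating '.' line arrived.
TRUNCATED = COMPLETE[:-3]

if __name__ == "__main__":
    for name, s in (("complete", COMPLETE), ("truncated", TRUNCATED)):
        msgs, state = parse_smtp_stream(s)
        print(name, len(msgs), "message(s), state at EOF:", state)
```

In the first session the abrupt close loses nothing, because the terminator had already arrived; in the second the receiver can tell the body is incomplete and drops it.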