On Fri, May 21, 1999 at 05:58:55PM +0100, Ben Laurie wrote:
> Bodo Moeller wrote:
>> No, it's exactly the opposite: Instead of keeping a half-closed
>> connection (where the party that initiated the close stays in
>> FIN-WAIT-2 state and the other party stays in CLOSE-WAIT until it
>> decides to
On Fri, May 21, 1999 at 01:00:02PM +0200, Bodo Moeller wrote:
>> When I
>> understand you correctly, the problem can be those platforms where Apache
>> doesn't do the lingering close, right?
> Could be, yes. Netscape does not recogni
The TCP protocol allows greater level of control than allowed by the
socket API set.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automate
Bodo Moeller wrote:
>
> On Fri, May 21, 1999 at 02:25:23PM +0100, Ben Laurie wrote:
> > Bodo Moeller wrote:
> >> On Fri, May 21, 1999 at 09:08:52AM +0200, Ralf S. Engelschall wrote:
>
> What exactly does Apache with mod_ssl do when shutting down an SSL
> connection (in the default case
In article <[EMAIL PROTECTED]> you wrote:
> On Fri, May 21, 1999 at 09:08:52AM +0200, Ralf S. Engelschall wrote:
> [...]
> Could be, yes. Netscape does not recognize the shutdown until the TCP
> connection is closed (i.e. a FIN arrives -- I think the actual
> close_notify is just ignored), and
On Fri, May 21, 1999 at 02:25:23PM +0100, Ben Laurie wrote:
> Bodo Moeller wrote:
>> On Fri, May 21, 1999 at 09:08:52AM +0200, Ralf S. Engelschall wrote:
What exactly does Apache with mod_ssl do when shutting down an SSL
connection (in the default case)? Does it send its close_notify a
Bodo Moeller wrote:
>
> On Fri, May 21, 1999 at 09:08:52AM +0200, Ralf S. Engelschall wrote:
> >> What exactly does Apache with mod_ssl do when shutting down an SSL
> >> connection (in the default case)? Does it send its close_notify alert
> >> and then send a FIN -- i.e. shutdown(..., SHUT_WR)
On Fri, May 21, 1999 at 09:08:52AM +0200, Ralf S. Engelschall wrote:
>> What exactly does Apache with mod_ssl do when shutting down an SSL
>> connection (in the default case)? Does it send its close_notify alert
>> and then send a FIN -- i.e. shutdown(..., SHUT_WR) -- so that the
>> browser still
In article <[EMAIL PROTECTED]> you wrote:
> Can you say what the security consequences are of unclean shutdown?
For instance from RFC2246 (TLSv1):
7.2.1. Closure alerts
The client and the server must share knowledge that the connection is
ending in order to avoid a truncation attack. Ei
In article <[EMAIL PROTECTED]> you wrote:
> On Thu, May 20, 1999 at 09:28:45AM +0200, Ralf S. Engelschall wrote:
>
>>> Question: some of the messages say that the fix involves setting
>>> both ssl-unclean-shutdown *and* nokeepalive for MSIE browsers,
>>> while some other messages seem to say it'
In article <[EMAIL PROTECTED]> you wrote:
> I believe I'm encountering this problem and have been reading over
> some of the old messages.
>
> Question: some of the messages say that the fix involves setting
> both ssl-unclean-shutdown *and* nokeepalive for MSIE browsers,
> while some other mes
11 matches
Mail list logo
