In general, TLS stacks handle warning alerts badly aside from the defined alerts
that are explicitly non-fatal ("close_notify", etc.). Many just close the connection
so it's not safe to send one.

I would suggest that we instead adopt the following semantic:

- All alerts mean connection close.
- Fatal means that you should report an error to the application
  (e.g., return -1 in a sockets-style API) and abort immediately.
- Warning means that you should report a "normal" end of data
  (e.g., return 0 in a sockets-style API) except in the case of end_of_early_data
  and in the case of close_notify, send your own close_notify
- Any alerts except the ones specifically listed as "warning" MUST be treated
  as fatal regardless.

This is more or less what people do anyway.

If people are in favor of this, I will prepare a PR.

-Ekr
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
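
The alert handling proposed in the message above, sketched as an added example (not code from the message or from any TLS stack). Assumed here: the function and struct names, the return value 1 for "keep reading", a warning list holding only the two alerts the message names, end_of_early_data numbered 1 as in the TLS 1.3 drafts, and the reading that end_of_early_data ends the early data rather than the connection.

```c
#include <stdio.h>

/* Alert levels and a few descriptions. close_notify(0), handshake_failure(40)
 * and no_renegotiation(100) are registry values; end_of_early_data(1) is
 * assumed from the TLS 1.3 drafts. */
enum { LEVEL_WARNING = 1, LEVEL_FATAL = 2 };
enum { CLOSE_NOTIFY = 0, END_OF_EARLY_DATA = 1,
       HANDSHAKE_FAILURE = 40, NO_RENEGOTIATION = 100 };

struct alert_action {
    int read_result;       /* sockets-style: 0 = normal EOF, -1 = error,
                              1 = keep reading (assumed convention) */
    int close_connection;  /* tear the connection down */
    int send_close_notify; /* answer with our own close_notify first */
};

/* Allowlist of alerts that may be handled as warnings (assumed list: the
 * two named in the message; a real stack would use the spec's full list). */
static int is_listed_warning(int desc) {
    return desc == CLOSE_NOTIFY || desc == END_OF_EARLY_DATA;
}

struct alert_action handle_alert(int level, int desc) {
    struct alert_action fatal = { -1, 1, 0 };
    struct alert_action eof = { 0, 1, 1 };
    struct alert_action early_done = { 1, 0, 0 };

    /* Fatal level, an unknown level value, or a warning-level alert that is
     * not on the allowlist: report an error and abort immediately. */
    if (level != LEVEL_WARNING || !is_listed_warning(desc))
        return fatal;
    /* end_of_early_data is the stated exception: only early data ends. */
    if (desc == END_OF_EARLY_DATA)
        return early_done;
    /* close_notify: normal end of data, reply with our own close_notify. */
    return eof;
}

int main(void) {
    /* Constructed sample alerts: {level, description}. */
    int samples[][2] = { {1, CLOSE_NOTIFY}, {1, END_OF_EARLY_DATA},
                         {2, HANDSHAKE_FAILURE}, {1, NO_RENEGOTIATION} };
    for (int i = 0; i < 4; i++) {
        struct alert_action a = handle_alert(samples[i][0], samples[i][1]);
        printf("level=%d desc=%d -> read=%d close=%d reply=%d\n",
               samples[i][0], samples[i][1],
               a.read_result, a.close_connection, a.send_close_notify);
    }
    return 0;
}
```

The last sample is the case the message is about: a warning-level alert that is not on the list is handled exactly like a fatal one.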
