Hello Tomcat Users

Tomcat Version: 10.1.28
OpenSSL version: 3.0.14
Tomcat Native Client: 2.0.8

I have configured an HTTPS connector with the org.apache.coyote.http11.Http11NioProtocol protocol and the org.apache.tomcat.util.net.openssl.OpenSSLImplementation sslImplementationName, using TLSv1.2.

When I tcpdump any request to this connector, Tomcat is not returning a "close_notify" in response to a client's close_notify, and I cannot figure out how to force Tomcat to return a close_notify. This seems to be a violation of the TLS protocol, which demands both sides issue a close_notify.

Recreating this situation, as far as I can tell, only requires combining the Http11NioProtocol with the OpenSSLImplementation (Tomcat9 or Tomcat10, TLSv1.2 or TLSv1.3, and OpenSSL 3.0, 3.1, and 3.2 all exhibit this behavior).

Other notes: switching the sslImplementationName to org.apache.tomcat.util.net.jsse.JSSEImplementation does return a close_notify by the server in response to the client's close_notify. Also, switching back to Tomcat9 and using the org.apache.coyote.http11.Http11AprProtocol, Tomcat also returns a close_notify in response to a client's close_notify.

I have run out of ideas; googling this behavior has turned up nothing related to Tomcat (although there does appear to be a similar behavior noticed in Netty, also using the OpenSSLEngine: https://github.com/netty/netty/issues/6167).

Any help would be greatly appreciated. I am happy to send along any other information that would be informational for diagnostics.

Isaac Klickstein
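
The capture check described in the post can be automated. The following is an added example, not part of the original post and not Tomcat code: it walks the TLS record headers of each direction of a TLS 1.2 connection and reports which side sent an alert record. It assumes the two byte streams have already been reassembled per direction from the capture; all function names and sample bytes are constructed for illustration.

```python
import struct

# TLS record ContentType values (RFC 5246)
CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA = 20, 21, 22, 23

def tls_records(stream: bytes):
    """Yield (content_type, payload) for each complete record in one direction."""
    off = 0
    while off + 5 <= len(stream):
        # Record header: 1-byte type, 2-byte version, 2-byte length
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        end = off + 5 + length
        if not CHANGE_CIPHER_SPEC <= ctype <= APPLICATION_DATA or end > len(stream):
            break  # not a TLS record, or the capture is truncated
        yield ctype, stream[off + 5:end]
        off = end

def sent_alert(stream: bytes) -> bool:
    # After the handshake the alert body is encrypted, so the record type in
    # the cleartext header is all a passive capture can test; any alert counts.
    # TLS 1.3 hides post-handshake alerts behind outer type 23, so this check
    # is only meaningful for TLS 1.2 and earlier.
    return any(ctype == ALERT for ctype, _ in tls_records(stream))

def closure_report(client_to_server: bytes, server_to_client: bytes) -> str:
    """Return which side(s) sent an alert: both, client-only, server-only, none."""
    client, server = sent_alert(client_to_server), sent_alert(server_to_client)
    if client and server:
        return "both"
    if client:
        return "client-only"
    return "server-only" if server else "none"

def rec(ctype: int, payload: bytes) -> bytes:
    """Build a constructed TLS 1.2 record (version 0x0303) for the samples."""
    return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload

# Constructed sample streams; payloads are zero filler, not real ciphertext.
CLIENT = rec(HANDSHAKE, bytes(64)) + rec(APPLICATION_DATA, bytes(40)) + rec(ALERT, bytes(26))
SERVER_SILENT = rec(HANDSHAKE, bytes(90)) + rec(APPLICATION_DATA, bytes(120))
SERVER_REPLIES = SERVER_SILENT + rec(ALERT, bytes(26))

if __name__ == "__main__":
    print("server sends no alert:", closure_report(CLIENT, SERVER_SILENT))
    print("server sends alert:   ", closure_report(CLIENT, SERVER_REPLIES))
```
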