Thanks Jakob & Michael for your reply. I'm using openssl to interact with apple's APNS server. Sending data as fast as possible, most of the time APNS server don't reply, but in some circumstance, APNS server will rely with a response and then close the connection. So the RST is expected most of the time if APNS don't process all received data. At first i doubt this is maybe properties of TCP : tcp discard received data on RST. and i do some test on TCP not openssl. 1. client write data until the connection is broken, sleep for a number of seconds, then try to read. the response can be read. 2. server on accept, don't read the data, sleep for a number of seconds. and write some bytes ,then just exit. here is result of tcpdump on closing: 09:50:10.188952 IP xx.90.82.138.irisa > 10.241.95.197.48252: Flags [P.], seq 730306105:730306205, ack 1556413186 Connection was reset.,nop,TS val 118133437 ecr 511650777], length 100 09:50:10.188963 IP 10.241.95.197.48252 > xx.90.82.138.irisa: Flags [.], ack 100, win 6, options [nop,nop,TS val 511653112 ecr 118133437], length 0 09:50:10.188971 IP xx.90.82.138.irisa > 10.241.95.197.48252: Flags [R.], seq 100, ack 1, win 39, options [nop,no p,TS val 118133437 ecr 511650777], length 0 It seems that if data is placed in socket buffer, it can be read. So the received package could be discard in TCP stack? Thank you very much. On Thu, Dec 3, 2015 at 7:53 AM, Michael Wojcik < Michael.Wojcik at microfocus.com> wrote: > Just to amplify on Jakob's response: the reason that sometimes you see the > reply is that sometimes your application manages to get it from the stack > before the stack receives and processes the RST from the peer. In the > example you provided, there was a 52ms window in which you could have read > that response before the RST told the stack to throw it away. > > > If the conversation is aborting for cause - for example because the peer > process exited without reading some received data - then this is the > correct behavior. If the peer is causing the RST by mucking around with the > SO_LINGER socket option, then the peer application is probably broken. > (There are cases where an application might legitimately want to send an > RST rather than a FIN, but they're few and far between.) > > > > In any event, you're at the mercy of TCP's semantics. When the > conversation is aborted, rather than terminated normally, unprocessed data > goes away. That's a Good Thing, because the peer has no way of knowing > whether you received it. > > > > As is usually the case with this sort of issue, the real question is what > problem are you actually trying to solve? "How can I make TCP behave > differently?" is not the right question. > > > > Michael Wojcik > Technology Specialist, Micro Focus > > > > > > _______________________________________________ > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > > -- Anty Rao -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151203/857e5561/attachment.html>