On Wed, Aug 01, 2018 at 08:27:38AM +0200, Alex H wrote:
> Hi,
>
> I have trouble understanding the details of TLS shutdown. I get the basics
> but,
>
> Is it possible to receive data after calling SSL_shutdown? Reading the
> specs and docs leaves this rather blurry.
>
> That is, after sending a close_notify, can I receive data before getting my
> client_notify response?
>
> The sources of SSL_write checks for SSL_SENT_SHUTDOWN state and returns
> with error if set, but does not check for SSL_RECEIVED_SHUTDOWN. This
> indicates somehow I'm allowed to still send data after receiving a
> close_notify?

TLS 1.3 makes it explicit that after you've sent a close_notify, the peer is still allowed to send data, so you can still read data. It only closes the connection in one direction.

As far as I know, OpenSSL has always supported this, even when the RFC said that the other side needs to send the close_notify back on receiving it.

In -pre8 we even have tests covering this behaviour, and the manpages have been updated to say that it's possible. See https://www.openssl.org/docs/manmaster/man3/SSL_shutdown.html

Kurt
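
The one-directional close discussed in this thread, as an added example that is not part of the original messages or of OpenSSL's own code: Python's `ssl` module wraps OpenSSL, and `unwrap()` calls `SSL_shutdown()`. The in-memory endpoints, the anonymous TLS 1.2 cipher (chosen only so no certificate is needed) and the payload are assumptions made for the demonstration.

```python
import ssl

def make_pair():
    """Client and server TLS endpoints joined by memory BIOs (constructed lab setup)."""
    ends = []
    for server_side in (False, True):
        proto = ssl.PROTOCOL_TLS_SERVER if server_side else ssl.PROTOCOL_TLS_CLIENT
        ctx = ssl.SSLContext(proto)
        if not server_side:
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
        # Assumption: anonymous ECDH on TLS 1.2, only so the demo needs no certificate.
        ctx.maximum_version = ssl.TLSVersion.TLSv1_2
        ctx.set_ciphers("AECDH-AES256-SHA:@SECLEVEL=0")
        inc, out = ssl.MemoryBIO(), ssl.MemoryBIO()
        ends.append((ctx.wrap_bio(inc, out, server_side=server_side), inc, out))
    return ends

def shuttle(a, b):
    """Move pending TLS records between the endpoints, in both directions."""
    for src, dst in ((a, b), (b, a)):
        data = src[2].read()
        if data:
            dst[1].write(data)

def read_or_eof(obj):
    """Return application data, or None once the peer's close_notify has arrived."""
    try:
        return obj.read(4096) or None
    except ssl.SSLZeroReturnError:
        return None

def half_close_demo():
    cli, srv = make_pair()
    pending = [cli[0], srv[0]]
    while pending:                          # drive both handshakes to completion
        for obj in list(pending):
            try:
                obj.do_handshake()
                pending.remove(obj)
            except ssl.SSLWantReadError:
                pass
            shuttle(cli, srv)
    events = []
    try:
        cli[0].unwrap()                     # SSL_shutdown(): sends our close_notify
    except ssl.SSLWantReadError:
        events.append("client sent close_notify, peer has not answered")
    shuttle(cli, srv)
    events.append(("server read", read_or_eof(srv[0])))   # clean EOF from client
    srv[0].write(b"late data")              # server's sending direction is still open
    shuttle(cli, srv)
    events.append(("client read", read_or_eof(cli[0])))   # readable after our close
    srv[0].unwrap()                         # server now sends its own close_notify
    shuttle(cli, srv)
    events.append(("client read", read_or_eof(cli[0])))   # both directions closed
    return events
```

`half_close_demo()` returns the sequence of observations: the client can still read the server's data after sending its own close_notify, and only sees end-of-stream once the server's close_notify arrives.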