Opened 7 years ago

Last modified 7 years ago

#11227 new Feature Requests

Support for unidirectional shutdown in ssl::stream

Reported by: Oleg Andriyanov (o.andriyanov@…
Owned by: chris_kohlhoff
Milestone: To Be Determined
Component: asio
Version: Boost 1.58.0
Severity: Not Applicable
Keywords: asio, ssl, SSL_shutdown, async_shutdown
Cc:

Description

In version 1.57 there is no possibility of sending a "close notify" shutdown alert to the peer without waiting for the peer's response.

The motivation for such a feature is that some applications won't send their "close notify" response. In particular, Internet Explorer 11 apparently does not send its "close notify" response to the server which called boost::asio::ssl::stream::async_shutdown when the server's SSL certificate is considered untrusted. As a consequence, the callback for async_shutdown is never called, and the web server cannot shut down the connection gracefully.

Citing OpenSSL documentation: "According to the TLS standard, it is acceptable for an application to only send its shutdown alert and then close the underlying connection without waiting for the peer's response"...

Taking this into account, it would be really helpful for me to have an option in the async_shutdown method which would specify the type of SSL shutdown (unidirectional or bidirectional).

Change History (4)

comment:1 by Oleg Andriyanov (o.andriyanov@…, 7 years ago

Keywords: asio added

comment:2 by anonymous, 7 years ago

Version: Boost 1.57.0 → Boost 1.58.0

comment:3 by viboes, 7 years ago

Component: None → asio
Owner: set to chris_kohlhoff

comment:4 by anonymous, 7 years ago

Just as a "workaround": You can also perform a unidirectional shutdown directly by calling ::SSL_shutdown(socket->native_handle());
