Opened 7 years ago
Last modified 7 years ago
#11227 new Feature Requests
Support for unidirectional shutdown in ssl::stream
Reported by: | | Owned by: | chris_kohlhoff |
---|---|---|---|
Milestone: | To Be Determined | Component: | asio |
Version: | Boost 1.58.0 | Severity: | Not Applicable |
Keywords: | asio, ssl, SSL_shutdown, async_shutdown | Cc: |
Description
In version 1.57 there is no possibility of sending a "close notify" shutdown alert to the peer without waiting for the peer's response.
The motivation for such a feature is that some applications won't send their "close notify" response. In particular, Internet Explorer 11 apparently does not send its "close notify" response to the server which called boost::asio::ssl::stream::async_shutdown when the server's SSL certificate is considered untrusted. As a consequence, the callback for async_shutdown is never called, and the web server cannot shut down the connection gracefully.
Citing the OpenSSL documentation: "According to the TLS standard, it is acceptable for an application to only send its shutdown alert and then close the underlying connection without waiting for the peer's response"...
Taking this into account, it would be really helpful for me to have an option in the async_shutdown method which would specify the type of SSL shutdown (unidirectional or bidirectional).
Change History (4)
comment:1 by , 7 years ago
Keywords: | asio added |
---|
comment:2 by , 7 years ago
Version: | Boost 1.57.0 → Boost 1.58.0 |
---|
comment:3 by , 7 years ago
Component: | None → asio |
---|---|
Owner: | set to |
Just as a "workaround": You can also perform a unidirectional shutdown directly by calling
::SSL_shutdown(socket->native_handle());
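The one-way shutdown this ticket asks for, shown at the TLS level as an added example (not code from the ticket or from Boost.Asio). It uses Python's `ssl` module, whose `SSLObject.unwrap()` drives OpenSSL's `SSL_shutdown()`, over in-memory BIOs. The function names, the loopback pair and the anonymous cipher setup are assumptions constructed for this demo only.

```python
import ssl
from contextlib import suppress

def _ctx(proto):
    ctx = ssl.SSLContext(proto)
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    # Constructed demo setup only: anonymous suites, so no key files are needed.
    ctx.set_ciphers("aNULL:@SECLEVEL=0")
    # Report a missing close_notify as an error even where the build ignores it.
    ctx.options &= ~getattr(ssl, "OP_IGNORE_UNEXPECTED_EOF", 0)
    return ctx

def connected_pair():
    """Handshake in memory; returns (server, client), each as (tls, in_bio, out_bio)."""
    sctx, cctx = _ctx(ssl.PROTOCOL_TLS_SERVER), _ctx(ssl.PROTOCOL_TLS_CLIENT)
    cctx.check_hostname, cctx.verify_mode = False, ssl.CERT_NONE
    s_in, s_out, c_in, c_out = (ssl.MemoryBIO() for _ in range(4))
    server = sctx.wrap_bio(s_in, s_out, server_side=True)
    client = cctx.wrap_bio(c_in, c_out)
    pending = [client, server]
    while pending:
        for side in list(pending):
            with suppress(ssl.SSLWantReadError):
                side.do_handshake()
                pending.remove(side)
            for src, dst in ((c_out, s_in), (s_out, c_in)):  # stand-in for the network
                data = src.read()
                if data:
                    dst.write(data)
    return (server, s_in, s_out), (client, c_in, c_out)

def one_way_shutdown(tls, out_bio):
    """Queue our close_notify; return (alert_bytes, peer_replied) without waiting."""
    peer_replied = False
    with suppress(ssl.SSLWantReadError):  # raised while the peer's alert is still missing
        tls.unwrap()                      # drives SSL_shutdown()
        peer_replied = True
    return out_bio.read(), peer_replied

def peer_view(tls, in_bio, final_bytes):
    """Deliver the last bytes and TCP EOF; report how the close looks to the peer."""
    if final_bytes:
        in_bio.write(final_bytes)
    in_bio.write_eof()
    try:
        return "clean" if tls.read(1) == b"" else "data"
    except ssl.SSLZeroReturnError:
        return "clean"
    except ssl.SSLError:                  # EOF with no close_notify
        return "truncated"
```

The alert only reaches the peer once the bytes returned by `one_way_shutdown` are written to the transport. A side that closes without sending them is reported by the peer as a truncated stream rather than a clean end.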