directory-dev mailing list archives

From "alexander todorov (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DIRSTUDIO-1015) Question about the closing of TLS connection in Apache Directory Studio
Date Thu, 26 Feb 2015 13:41:04 GMT

    [ https://issues.apache.org/jira/browse/DIRSTUDIO-1015?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14338396#comment-14338396 ]

alexander todorov commented on DIRSTUDIO-1015:
----------------------------------------------

In the RFC for TLS version 1 I see:
The client and the server must share knowledge that the connection is ending in order to avoid
a truncation attack.
Each party is required to send a close_notify alert before closing the write side of the connection.

As I said, by not calling StartTlsResponse.close(), close_notify is not sent.





> Question about the closing of TLS connection in Apache Directory Studio
> -----------------------------------------------------------------------
>
>                 Key: DIRSTUDIO-1015
>                 URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1015
>             Project: Directory Studio
>          Issue Type: Question
>            Reporter: alexander todorov
>
> Hi, 
> I am looking in the sources of Apache Directory Studio and I have a question.
> In the class 
> org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper
> I see that in the method disconnect, the connection is closed only by invoking context.close() (context is of type InitialLdapContext).
> My question is:
> In case of using the StartTLS extension, why don’t you call StartTlsResponse.close() prior to context.close()?
> StartTlsResponse.close() sends the TLS alert - close_notify.
> Is it safe not to call StartTlsResponse.close() ?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
