Re: [hybi] Fwd: failed TLS handshake: which close code?

Tobias Oberstein <tobias.oberstein@tavendo.de> Mon, 24 October 2011 16:25 UTC

From: Tobias Oberstein <tobias.oberstein@tavendo.de>
To: "Richard L. Barnes" <rbarnes@bbn.com>
Date: Mon, 24 Oct 2011 09:25:41 -0700
Cc: "hybi@ietf.org" <hybi@ietf.org>, Peter Thorson <webmaster@zaphoyd.com>
Subject: Re: [hybi] Fwd: failed TLS handshake: which close code?

> This is pointless.  These codes are not needed by the WS API, since a TLS
> failure does not provide a close code. 

Well, both Chrome (16.0.912.10 canary) and Firefox (10.0a1 (2011-10-24))
_do_ fire the onclose() event handler with 1006 when the WS connection cannot
even be established (host unreachable).

Firefox also fires onclose() with 1006 for WSS when the server cert is invalid.
Chrome currently does not check the WSS server cert (unrelated behavior/bug).

So both browsers are wrong?

Anyway: what is your recommendation for the WS API for _apps_ (JavaScript) to recognize "invalid server cert"?
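
Added example, not part of the original message or of any browser's code: a client-side close handler built around the behaviour reported above, where an unreachable host and a rejected server certificate both surface as onclose() with 1006. The names trackClose and classifyClose are hypothetical; the sketch assumes only the standard open/close events and the code/reason fields of the close event.

```javascript
// Added illustration; trackClose and classifyClose are hypothetical names.
// 1006 is the code the message above reports seeing in onclose().
const ABNORMAL_CLOSURE = 1006;

// Decide what a close event tells the application, given whether the
// connection ever reached the open state.
function classifyClose(wasOpened, event) {
  if (event.code !== ABNORMAL_CLOSURE) {
    // A code other than 1006: report it together with any reason text.
    return { kind: "closed-with-code", code: event.code, reason: event.reason || "" };
  }
  if (!wasOpened) {
    // Unreachable host and invalid server certificate both arrive here
    // with 1006 (as observed in the message); the event does not say which.
    return { kind: "failed-before-open", code: event.code, reason: "" };
  }
  // The connection was established and then lost without a close code.
  return { kind: "dropped-after-open", code: event.code, reason: "" };
}

// Attach to a WebSocket (or any EventTarget that fires "open" and "close")
// and hand the classification to onResult when the close event fires.
function trackClose(socket, onResult) {
  let wasOpened = false;
  socket.addEventListener("open", () => { wasOpened = true; });
  socket.addEventListener("close", (event) => {
    onResult(classifyClose(wasOpened, event));
  });
}
```

In a page, call trackClose() on the socket immediately after constructing it, so the listeners are in place before the first event can fire.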