Re: [hybi] failed TLS handshake: which close code?
Tobias Oberstein <tobias.oberstein@tavendo.de> Mon, 24 October 2011 14:57 UTC
Return-Path: <tobias.oberstein@tavendo.de>
X-Original-To: hybi@ietfa.amsl.com
Delivered-To: hybi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4FBB721F8C85 for <hybi@ietfa.amsl.com>; Mon, 24 Oct 2011 07:57:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q-6qYESoHD+e for <hybi@ietfa.amsl.com>; Mon, 24 Oct 2011 07:57:12 -0700 (PDT)
Received: from EXHUB020-5.exch020.serverdata.net (exhub020-5.exch020.serverdata.net [206.225.164.32]) by ietfa.amsl.com (Postfix) with ESMTP id 9D0FB21F8C69 for <hybi@ietf.org>; Mon, 24 Oct 2011 07:57:12 -0700 (PDT)
Received: from EXVMBX020-12.exch020.serverdata.net ([169.254.3.230]) by EXHUB020-5.exch020.serverdata.net ([206.225.164.32]) with mapi; Mon, 24 Oct 2011 07:57:11 -0700
From: Tobias Oberstein <tobias.oberstein@tavendo.de>
To: "Richard L. Barnes" <rbarnes@bbn.com>, Alexey Melnikov <alexey.melnikov@isode.com>
Date: Mon, 24 Oct 2011 07:57:11 -0700
Thread-Topic: [hybi] failed TLS handshake: which close code?
Thread-Index: AcySVFSqZxa3N/K/Rd+2XzLkoHI9KAAByt7w
Message-ID: <634914A010D0B943A035D226786325D42D0B036E6B@EXVMBX020-12.exch020.serverdata.net>
References: <634914A010D0B943A035D226786325D42D0B036D6D@EXVMBX020-12.exch020.serverdata.net> <CADkeqZXXRkXCRrONLr5thwOqNVUxNWU0Q-9E0R0i=4S-bc-LFw@mail.gmail.com> <CADkeqZXDvu-JY8aZHJJPRH-_JnF196JjA_JG6X_1yrYSiAekuA@mail.gmail.com> <CADkeqZWdFrmEyJEmHy+tfgsJXS1nU3ASx20-=uwwLY6EZogc0A@mail.gmail.com> <7ECB103B-4C75-49B2-A29B-ABCF91B3DB36@bbn.com> <CADkeqZWGEc6s=6UnQqzU5uGy+Jci5d7n9We+9kcHj+o8=y2SwA@mail.gmail.com> <363A8979-63BA-489F-A1A0-A8A3287891C6@bbn.com>
In-Reply-To: <363A8979-63BA-489F-A1A0-A8A3287891C6@bbn.com>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: de-DE, en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "hybi@ietf.org" <hybi@ietf.org>
Subject: Re: [hybi] failed TLS handshake: which close code?
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Oct 2011 14:57:13 -0000
> To quote the WebSocket API: > " > If the user agent was required to fail the websocket connection or the > WebSocket connection is closed with prejudice, fire a simple event named > error at the WebSocket object. > " > > So if TLS fails and the client has to _Fail the WebSocket Connection_, then > the API only reports an error; it does not provide a close code. Which is > appropriate, because the existence of a close code presumes the existence > of an established WS connection, which does not exist in this case. > But the text of above (step 2) spec continues (with step 3): " Create an event that uses the CloseEvent interface, with the event name close, which does not bubble, is not cancelable, has no default action, whose wasClean attribute is initialized to true if the connection closed cleanly and false otherwise, whose code attribute is initialized to the WebSocket connection close code, and whose reason attribute is initialized to the WebSocket connection close reason decoded as UTF-8, with error handling, and dispatch the event at the WebSocket object. " I'm not sure: does step 2 prevent doing step 3? In any case: a) Firefox currently fires "close" with 1006 "Abormal Close" on TLS invalid cert. failure b) If no WS close code will be reserved for "TLS invalid cert", then what alternative is there to signal that specific error condition to the app? c) Why is it so bad to have a code never used on wire, but used to signal an error that happened before a WS connection was established?
- Re: [hybi] failed TLS handshake: which close code? Richard L. Barnes
- [hybi] failed TLS handshake: which close code? Tobias Oberstein
- [hybi] Fwd: failed TLS handshake: which close cod… Alexey Melnikov
- Re: [hybi] failed TLS handshake: which close code? Alexey Melnikov
- Re: [hybi] Fwd: failed TLS handshake: which close… Peter Thorson
- Re: [hybi] Fwd: failed TLS handshake: which close… Alexey Melnikov
- Re: [hybi] failed TLS handshake: which close code? Alexey Melnikov
- Re: [hybi] failed TLS handshake: which close code? Richard L. Barnes
- Re: [hybi] Fwd: failed TLS handshake: which close… Peter Thorson
- Re: [hybi] failed TLS handshake: which close code? Tobias Oberstein
- Re: [hybi] failed TLS handshake: which close code? Tobias Oberstein
- Re: [hybi] Fwd: failed TLS handshake: which close… Tobias Oberstein
- Re: [hybi] Fwd: failed TLS handshake: which close… Tobias Oberstein
- Re: [hybi] Fwd: failed TLS handshake: which close… Richard L. Barnes
- Re: [hybi] Fwd: failed TLS handshake: which close… Tobias Oberstein
- Re: [hybi] Fwd: failed TLS handshake: which close… John Tamplin
- Re: [hybi] Fwd: failed TLS handshake: which close… Richard L. Barnes
- Re: [hybi] Fwd: failed TLS handshake: which close… Richard L. Barnes
- Re: [hybi] Fwd: failed TLS handshake: which close… Gabriel Montenegro