[TLS] Re: TLS 1.3 early data and TCP resets
Jeremy Harris <jgh@wizmail.org> Thu, 22 May 2025 20:17 UTC
Return-Path: <jgh@wizmail.org>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 111702C04B96 for <tls@mail2.ietf.org>; Thu, 22 May 2025 13:17:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=wizmail.org header.b="234CHc+J"; dkim=pass (2048-bit key) header.d=wizmail.org header.b="pLtloOar"
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id djYaJPrp6254 for <tls@mail2.ietf.org>; Thu, 22 May 2025 13:17:51 -0700 (PDT)
Received: from mx.wizmail.org (smtp.wizmail.org [IPv6:2a00:1940:2:3::2:28]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 35C382C04B7E for <tls@ietf.org>; Thu, 22 May 2025 13:17:50 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; q=dns/txt; c=relaxed/relaxed; d=wizmail.org; s=e202001; h=Content-Transfer-Encoding:Content-Type: In-Reply-To:Autocrypt:From:References:To:Subject:MIME-Version:Date:Message-ID :From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type :Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post: List-Owner:List-Archive:Autocrypt; bh=qF9JioPrD8edcigGLu+7w3c/Bh/FZpVnWCB3itMam6g=; b=234CHc+JeFXFsE+Ra802rIxiEk wYbfZSFJF0bG6sn2W8aXG/5HHFkLLBFjsZaGEMJff+4vUgDZNwYZgWuJWQBg==;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=wizmail.org ; s=r202001; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:Autocrypt: From:References:To:Subject:MIME-Version:Date:Message-ID:From:Sender:Reply-To: Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post: List-Owner:List-Archive:Autocrypt; bh=qF9JioPrD8edcigGLu+7w3c/Bh/FZpVnWCB3itMam6g=; b=pLtloOarFA838QUTFgU/FeumZh i4lMeeX0PXVZqRLOm2XBE5NkOgvyAJB2msrjLl/7jS+nl3Lara8TYnNp5vKoNSFbZI2asoWOkNPE8 v5P0w2t/nH3eWYSbdQBJc1uxlnHdktKRpTXUTjfWuAhmYEF2LMBBdgxkVgm5gbE3CLjGE1Ioj9v8K 6fKqzCJM9M9CXkzJWNcPV2LV5soe4iyAkFSFI8BtSSbggg5WAfGt5n209NyG29lBnlopEkiamxNrD 9ksY8idO08G5EdFFKhKSggn3pAZIAJ9TsqD6WcEXddcjQI/DXdO7YbaawkOB2MvEjXUclANnK/rG5 SHDkrbow==;
Authentication-Results: wizmail.org; iprev=pass (hellmouth.gulag.org.uk) smtp.remote-ip=85.158.153.62; auth=pass (PLAIN) smtp.auth=jgh@wizmail.org
Received: from hellmouth.gulag.org.uk ([85.158.153.62] helo=[192.168.0.17]) by www.wizmail.org (Exim 4.98.115) (TLS1.3) tls TLS_AES_128_GCM_SHA256 with esmtpsa id 1uICMP-00000002p1y-1hMJ for tls@ietf.org (return-path <jgh@wizmail.org>); Thu, 22 May 2025 20:17:49 +0000
Message-ID: <5380104f-de38-4e97-8d5d-4713243d04f7@wizmail.org>
Date: Thu, 22 May 2025 21:17:49 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: tls@ietf.org
References: <CAF8qwaBxhGiR1fB97x2fh_5xzgb+s+x6Dazj1uU5gBRA86LBQQ@mail.gmail.com>
From: Jeremy Harris <jgh@wizmail.org>
Content-Language: en-GB
Autocrypt: addr=jgh@wizmail.org; keydata= xsBNBFWABsQBCADTFfb9EHGGiDel/iFzU0ag1RuoHfL/09z1y7iQlLynOAQTRRNwCWezmqpD p6zDFOf1Ldp0EdEQtUXva5g2lm3o56o+mnXrEQr11uZIcsfGIck7yV/y/17I7ApgXMPg/mcj ifOTM9C7+Ptghf3jUhj4ErYMFQLelBGEZZifnnAoHLOEAH70DENCI08PfYRRG6lZDB09nPW7 vVG8RbRUWjQyxQUWwXuq4gQohSFDqF4NE8zDHE/DgPJ/yFy+wFr2ab90DsE7vOYb42y95keK tTBp98/Y7/2xbzi8EYrXC+291dwZELMHnYLF5sO/fDcrDdwrde2cbZ+wtpJwtSYPNvVxABEB AAHNJkplcmVteSBIYXJyaXMgKG5vbmUpIDxqZ2hAd2l6bWFpbC5vcmc+wsCOBBMBCAA4FiEE qYbzpr1jd9hzCVjevOWMjOQfMt8FAl4WMuMCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AA CgkQvOWMjOQfMt946ggAvqDr2jvVnGIN2Njnjl2iiKyw4dYdFzNhZgjTaryiV90BftUDxRsB uTVFUC6XU+B13MEgSK0zRDyI5NpEH+JTW539gWlmz2k2WTTmoBsm/js1ELoAjGr/i32SByqm 0fo3JPctn/lc7oTo0muGYvB5xWhTHRlcT9zGTRUb/6ucabVLiJUrcGhS1OqDGq7nvYQpFZdf Dj7hyyrCKrq6YUPRvoq3aWw/o6aPUN8gmJj+h4pB5dMbbNKm7umz4O3RHWceO9JCGYxfC4uh 0k85bgIVb4wtaljBW90YZRU/5zIjD6r2b6rluY55rLulsyT7xAqe14eE1AlRB1og/s4rUtRf 8M7ATQRVgAbEAQgA6YSx2ik6EbkfxO0x3qwYgow2rcAmhEzijk2Ns0QUKWkN9qfxdlyBi0vA nNu/oK2UikOmV9GTeOzvgBchRxfAx/dCF2RaSUd0W/M4F0/I5y19PAzN9XhAmR50cxYRpTpq ulgFJagdxigj1AmNnOHk0V8qFy7Xk8a1wmKI+Ocv2Jr5Wa5aJwTYzwQMh4jvyzc/le32bTbD ezf1xq5y23HTXzXfkg9RDZmyyfEb8spsYLk8gf5GvSXYxxyKEBCei9eugd4YXwh6bfIgtBj2 ZLYvSDJdDaCdNvYyZtyatahHHhAZ+R+UDBp+hauuIl8E7DtUzDVMKVsfKY71e8FSMYyPGQAR AQABwsB8BBgBCAAmAhsMFiEEqYbzpr1jd9hzCVjevOWMjOQfMt8FAmgeKicFCRZfl6wACgkQ vOWMjOQfMt8Bewf9F3xhidAAzCrlwceeSx16n82sSmtCopkoSp85++P6P3Nzt/erkqnhZY0Y OZM5xIBJU5ejKalb6aYB4OU7q20MfTerPo+XhuWDjKYb0RrMmekVsE4/V5sFCgdwkqjax1ZX Jk3/vkTRnpHtuKas9FxGxeyaJrsYBhJIgzcXAfN3zYRD+x6L/zNYzvvoEEH8dKIeKh0dEXg0 3p0VWJU8zfWo2NT+xeqYnG8OO2HAr9/D9Sw9W4HZ4csdWXOJ/GmnHYri9Q4RyrF8uH4fAxKr c1cFYEY84iaBog5uv3dti9vUit8XWyae8rTPC/QyAekgREvAJnISWxLQWWbOqd6TkoTqJw==
In-Reply-To: <CAF8qwaBxhGiR1fB97x2fh_5xzgb+s+x6Dazj1uU5gBRA86LBQQ@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Pcms-Received-Sender: hellmouth.gulag.org.uk ([85.158.153.62] helo=[192.168.0.17]) with esmtpsa
Message-ID-Hash: GKYCF22P7HWQCBNJ2QSDCDGCJQHMLQ62
X-Message-ID-Hash: GKYCF22P7HWQCBNJ2QSDCDGCJQHMLQ62
X-MailFrom: jgh@wizmail.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: TLS 1.3 early data and TCP resets
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/kL4ZeVlUBVZYl_irWsjWqugpaY4>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>
On 2025/05/21 3:59 PM, David Benjamin wrote:
> This leads to an interesting interaction with TCP resets and more
> simplistic application protocols. Suppose you have a very, very simple
> protocol that sends a single request and response pair. (E.g. HTTP/1.x
> without connection reuse.)
>
>
> 1.
>
> Client sends request
> 2.
>
> Server reads request
> 3.
>
> Server sends response
> 4.
>
> Server closes connection
Bad programming.
The server should not close the TCP connection immediately, precisely
because there is an intermediate layer of protocol, TLS.
It should instead tell the TLS layer that it will be *sending* no
further data, and then wait around until it gets an indication of
TLS-level close (handling any spurious client data received in the
meantime). Only after that TLS-close indication should it close the
socket.
Now, the two major TLS libraries I know of (OpenSSL, GnuTLS) offer
that "tell the TLS lyer to close" operation directly in terms of
"send a TLS Close Alert" (which is a channel half-close; translating
as "I will send no more". Sending one does not inhibit reception of
data) - and it is reasonable to follow that with a TCP-level half-close,
by the application calling shutdown(SHUT_WR). They can even go in
the same TCP segment (by playing with corking).
[ High-rate server applications might consider pausing before
getting a FIN sent, so that clients get the TIME_WAIT state ]
But being eager with a close() syscall is just wrong.
--
Cheers,
Jeremy
- [TLS] TLS 1.3 early data and TCP resets David Benjamin
- [TLS] Re: TLS 1.3 early data and TCP resets Martin Thomson
- [TLS] Re: TLS 1.3 early data and TCP resets David Benjamin
- [TLS] Re: TLS 1.3 early data and TCP resets Watson Ladd
- [TLS] Re: TLS 1.3 early data and TCP resets Jeremy Harris
- [TLS] Re: TLS 1.3 early data and TCP resets Martin Thomson
- [TLS] Re: TLS 1.3 early data and TCP resets David Benjamin