IETF Logo Mail Archive

Re: [TLS] Should we require implementations to send alerts?

Kurt Roeckx <kurt@roeckx.be> Sat, 19 September 2015 13:14 UTC

Return-Path: <kurt@roeckx.be>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A15BC1B5CF7 for <tls@ietfa.amsl.com>; Sat, 19 Sep 2015 06:14:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.201
X-Spam-Level:
X-Spam-Status: No, score=-1.201 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E1KUdcYDgwV9 for <tls@ietfa.amsl.com>; Sat, 19 Sep 2015 06:14:09 -0700 (PDT)
Received: from defiant.e-webshops.eu (defiant.e-webshops.eu [82.146.122.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 768161B5CF5 for <tls@ietf.org>; Sat, 19 Sep 2015 06:14:09 -0700 (PDT)
Received: from intrepid.roeckx.be (localhost [127.0.0.1]) by defiant.e-webshops.eu (Postfix) with ESMTP id 057821C2114; Sat, 19 Sep 2015 15:14:08 +0200 (CEST)
Received: by intrepid.roeckx.be (Postfix, from userid 1000) id CA5131FE0152; Sat, 19 Sep 2015 15:14:07 +0200 (CEST)
Date: Sat, 19 Sep 2015 15:14:07 +0200
From: Kurt Roeckx <kurt@roeckx.be>
To: Florian Weimer <fweimer@redhat.com>
Message-ID: <20150919131407.GA14542@roeckx.be>
References: <CABcZeBPnO4zn_HkvwLpLC+EVYN8EKOBEsR80oRt3HZgsiNGDoQ@mail.gmail.com> <55F81AA6.2040107@redhat.com> <20150915162921.GG13294@localhost> <55F93E51.50001@redhat.com> <CALuAYvaTVtPf=XXC8xhFA4AEgZ=qYHH8mBSMkoWKQb+bOgniNw@mail.gmail.com> <55F9586C.6000104@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <55F9586C.6000104@redhat.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/wSXT32OHPT6mxuXWGpJLezYKnyY>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Should we require implementations to send alerts?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 19 Sep 2015 13:14:12 -0000

On Wed, Sep 16, 2015 at 01:54:20PM +0200, Florian Weimer wrote:
> On 09/16/2015 01:51 PM, Henrik Grubbström wrote:
> > On Wed, Sep 16, 2015 at 12:02 PM, Florian Weimer <fweimer@redhat.com> wrote:
> >> On 09/15/2015 06:29 PM, Nico Williams wrote:
> > [...]
> >>>
> >>> But if you have a fatal error you'll be closing immediately anyways.
> >>> Does sending the fatal alert cause a problem other than increase the
> >>> likelihood of RSTs?  What is the alternative considering that the next
> >>> step is to close the connection anyways?
> >>
> >> I'm trying to explain that any requirement to send fatal alerts will be
> >> difficult to implement.  With the BSD sockets API, the only way to do
> >> that reliable is *not* to close the socket immediately, which is
> >> apparently not what you (or existing APIs) expect, and which is where
> >> the difficulty lies.
> > 
> > What about SO_LINGER?
> 
> With full-duplex connections, it does not make a difference.  TCP will
> still detect a data loss event, send the RST segment, and discard the
> queued fatal alert.

>From what I understand, the RST is send after calling close(),
shutdown(SHUT_RD) or shutdown(SHUT_RDWR) and not all data has
been read from the socket or more data is received.

So my understanding of making sure the other end receives it is
calling close() when read() returns 0 (or an error).  You might
want to do shutdown(SHUT_WR) before that to indicate you're not
going to send anything anymore, but that should have no effect
since the other end is supposed to close the connection after
receiving the alert anyway.  You might want to have a timeout and
close it anyway.  If read() returns any data, you should of course
throw it away.

It seems that when you using SO_LINGER you might end up turning
your non-blocking socket into a blocking one on close() (or
shutdown?), and can't even tell if it was received succesfully or
not.

But I wonder in which cases it's important to receive the fatal
alert.  I guess it's the cases where it can tell you that
connecting again might work, and so would only be during the
handshake.  The only case I can think of is something like "client
certificate required", and as far as I know we don't even
currently have something that says that explicitly.


Kurt

v2.23.0 | Report a Bug | By Email