On Wednesday 19 March 2014 15:27:04 Jeffrey Walton wrote: > On Wed, Mar 19, 2014 at 3:18 PM, Ángel González <[email protected]> wrote: > > On 19/03/14 12:52, Tim Ruehsen wrote: > > > > On Tuesday 18 March 2014 20:05:07 Daniel Kahn Gillmor wrote: > > > > On 03/18/2014 05:31 PM, Tim Rühsen wrote: > > > > $ wget -d --ca-certificate=ca-rsa-cert.pem > > --private-key=ca-rsa-key-plain.pem https://example.com:8443 > > 2014-03-18 21:48:04 (1.88 GB/s) - Read error at byte 5116 (The TLS > > connection was non-properly terminated.).Retrying. > > > > There seems to be a problem in Wget 1.15 (on Debian SID)... > > > > ... > > In our case, the connection shutdown by the server generates an error at > > the Wget side. (I guess this is a difference between SSL and plain TCP > > connections.) > > Wget assumes the transfer being incomplete and tries it again and again. > > Not really a bug, but also not the result a user would expect... > > Saying "the server is buggy" doesn't help either. > > > > > > In order to close a ssl session, the server should send a close_notify > > message, > > which seems to be what the server is not doing (in addition of not > > providing the Content-Length). > > IIS is a well-known server not doing it: > > https://bugs.php.net/bug.php?id=23220 > > That's actually OpenSSL's s_server (unless Tim's tests were carried > out with a different platform).
I took the example OpenSSL server invocation from your original post: $ openssl s_server -accept 8443 -www -certform PEM -cert server-rsa-cert.pem - keyform PEM -key server-rsa-key-plain.pem -tls1 -cipher kRSA:HIGH:-EDH Tim
