Status: Untriaged
Owner: [email protected]
Labels: Type-Bug Pri-3 OS-All Area-BrowserBackend Size-Medium

New issue 18586 by [email protected]: Add an error code for SSL connection closure without a close_notify alert
http://code.google.com/p/chromium/issues/detail?id=18586

We should add an error code, equivalent to the errSSLClosedNoNotify result code of the Secure Transport library on Mac OS X, that indicates the peer closes the SSL connection without sending an SSL close_notify alert.

When an SSL connection is closed without a close_notify, we're potentially vulnerable to a truncation attack if the protocol running on top of SSL doesn't have a way to determine the length of the data (such as the "Content-Length" response header or chunked encoding of HTTP).

For site compatibility, I'm afraid that Chromium will have to ignore this error, but it would be nice for SSLClientSocket to report this error.
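
The distinction the report draws, as an added example that is not Chromium code or part of the original issue: a response framed by Content-Length or chunked encoding reveals truncation on its own, while a close-delimited body can only be trusted if the peer sent close_notify. The function names, the `got_close_notify` flag (standing in for what the SSL layer would report) and the sample bytes are assumptions; bodyless responses (HEAD, 204, 304) and chunked trailers are ignored.

```python
# Added example, not Chromium code. Names and sample bytes are constructed.
from enum import Enum

class Verdict(Enum):
    COMPLETE = "complete"          # framing or close_notify proves the end
    TRUNCATED = "truncated"        # framing proves bytes are missing
    UNVERIFIABLE = "unverifiable"  # nothing marks the end of the body

def chunks_complete(body: bytes) -> bool:
    """Walk chunked framing; True only once the zero-size last chunk is seen."""
    pos = 0
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            return False
        try:
            size = int(body[pos:eol].split(b";")[0], 16)
        except ValueError:
            return False
        if size <= 0:
            return size == 0       # negative sizes are malformed framing
        pos = eol + 2 + size + 2   # skip chunk data and its trailing CRLF
        if pos > len(body):
            return False

def classify_response(raw: bytes, got_close_notify: bool) -> Verdict:
    """Classify an HTTP/1.x response that was read until EOF over SSL/TLS."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return Verdict.TRUNCATED   # header block never finished
    headers = {}
    for line in head.split(b"\r\n")[1:]:   # skip the status line
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip().lower()
    if b"chunked" in headers.get(b"transfer-encoding", b""):
        return Verdict.COMPLETE if chunks_complete(body) else Verdict.TRUNCATED
    if headers.get(b"content-length", b"").isdigit():
        expected = int(headers[b"content-length"])
        return Verdict.COMPLETE if len(body) >= expected else Verdict.TRUNCATED
    # Close-delimited body: only the close_notify alert marks its real end.
    return Verdict.COMPLETE if got_close_notify else Verdict.UNVERIFIABLE

# Constructed sample responses, as bytes already decrypted by the SSL layer.
CLOSE_DELIMITED = b"HTTP/1.0 200 OK\r\nContent-Type: text/plain\r\n\r\nbalance: 10"
WITH_LENGTH = b"HTTP/1.1 200 OK\r\nContent-Length: 11\r\n\r\nhello"
CHUNKED_CUT = b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhel"

if __name__ == "__main__":
    for sample in (CLOSE_DELIMITED, WITH_LENGTH, CHUNKED_CUT):
        print(classify_response(sample, got_close_notify=False).value)
```

Only the close-delimited sample depends on `got_close_notify`; the other two are flagged as truncated from their own framing regardless of how the connection ended.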
