[
https://issues.apache.org/jira/browse/DIRSTUDIO-1015?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14338396#comment-14338396
]
alexander todorov commented on DIRSTUDIO-1015:
----------------------------------------------
In the RFC for TLS version 1 I see:
The client and the server must share knowledge that the connection is ending in
order to avoid a truncation attack.
Each party is required to send a close_notify alert before closing the write
side of the connection.
As I said, by not calling StartTlsResponse.close(), close_notify is not sent.
> Question about the closing of TLS connection in Apache Directory Studio
> -----------------------------------------------------------------------
>
> Key: DIRSTUDIO-1015
> URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1015
> Project: Directory Studio
> Issue Type: Question
> Reporter: alexander todorov
>
> Hi,
> I am looking in the sources of Apache Directory Studio and I have a question.
> In the class
> org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper
> I see that in the method disconnect, the connection is closed only by
> invoking context.close() (context is of type InitialLdapContext).
> My question is:
> When using the StartTLS extension, why don’t you call
> StartTlsResponse.close() prior to context.close()?
> StartTlsResponse.close() sends the TLS alert - close_notify.
> Is it safe not to call StartTlsResponse.close()?
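The shutdown order asked about in this thread, as an added example (not Directory Studio's code and not written by the poster): the TLS layer is closed through StartTlsResponse.close() before context.close(), and the context is still closed if the TLS close fails. The class name StartTlsSession and the LDAP URL passed to it are assumptions; the calls are the standard javax.naming.ldap API.

```java
import java.io.IOException;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;

/** Hypothetical helper for illustration; not part of Apache Directory Studio. */
public final class StartTlsSession implements AutoCloseable {
    private final LdapContext context;
    private StartTlsResponse tls; // stays null if StartTLS was never requested

    /** ldapUrl is an assumption, e.g. "ldap://ldap.example.org:389". */
    public StartTlsSession(String ldapUrl) throws NamingException, IOException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl);
        context = new InitialLdapContext(env, null);
        try {
            tls = (StartTlsResponse) context.extendedOperation(new StartTlsRequest());
            tls.negotiate(); // default socket factory and hostname verification
        } catch (NamingException | IOException e) {
            try {
                close(); // do not leak the connection when the upgrade fails
            } catch (NamingException | IOException onClose) {
                e.addSuppressed(onClose);
            }
            throw e;
        }
    }

    public LdapContext context() {
        return context;
    }

    /** Closes the TLS layer first (the close_notify step), then the LDAP context. */
    @Override
    public void close() throws NamingException, IOException {
        try {
            if (tls != null) {
                tls.close(); // graceful TLS shutdown before the socket goes away
            }
        } finally {
            tls = null;
            context.close(); // always runs, even if the TLS close threw
        }
    }
}
```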