Comments inline.

> Not yet; I do not yet see one obvious right action to text.
> Rather I see
> choices:-
> a) receiver terminates session unilaterally; currently this
> is only allowed after an 'idle timeout' and closure alert.
> 'protocol_version' alert would seem appropriate; do the TLS
> stacks allow syslog to generate this?
>

"protocol_version" is only for the TLS version; it may not be inappropriate to indicate an unsupported application protocol version, and it may also invoke another TLS handshake. I checked the "user_canceled" alert; TLS suggests (not strongly) that it can only be permitted during the TLS handshake, not after the handshake. Another option is to use the "internal_error" alert, but it is not very proper to meet this requirement. I tend to use "user_canceled" to indicate that the server does not support the version. OpenSSL has a function ssl3_send_alert() to serve this purpose.

> b) receiver returns syslog text message 'not ok' which rather
> implies a message 'ok' when it is, all of which is alien to
> this simplex application.
>
> c) receiver terminates session. simple, but likely to cause
> the sender to keep retrying for a while.
>
> Thoughts?
>
> Tom Petch
