
Re: TLS closure and outstanding operations



I believe the intent here is to get the client to understand that no outstanding operations will be replied to once the server receives the TLS closure. If the client abandons all outstanding operations, it should not expect to see results.

The second paragraph is only implied at this point, and I imagine most server implementations do this (abandon all outstanding operations in one way or another). Either that, or they shut down the connection. If I remember right, once the server receives the TLS closure, it can't send any more encrypted data; it must respond with a TLS closure message as well, so it can't really wait for outstanding operations to finish--it has to abandon them.

Jim

>>> Hallvard B Furuseth <h.b.furuseth@usit.uio.no> 12/02 6:38 AM >>>
[Protocol] 4.13.3.1 (Graceful Closure) says:
>   Before closing a TLS connection, the client MUST either wait for any 
>   outstanding LDAP operations to complete, or explicitly abandon them. 

If this is because there can be protocol trouble if there are
outstanding operations on the wire during the TLS closure, this doesn't
help: Abandon operations need not be honored, so the abandoned
operations may send responses anyway.

If that is not the reason, graceful TLS closure could just as well
be defined to abandon outstanding operations itself, just like bind.
Also, if so, it should also wait for operations that could not be
abandoned to terminate, if the TLS protocol allows that.

-- 
Hallvard
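A client-side bookkeeping model of the graceful-closure rule discussed above, added here as an example and not taken from either message or from any LDAP implementation. The class and method names are assumptions of mine, message IDs are constructed, and no real LDAP or TLS I/O takes place; the point it shows is that a result may still arrive for an abandoned operation (Abandon need not be honored) and must be dropped rather than treated as an error.

```python
# Added example: tracks outstanding LDAP message IDs so that TLS close_notify
# is only sent once every operation has either completed or been abandoned.
from dataclasses import dataclass, field
from typing import List, Optional, Set


@dataclass
class LdapClientState:
    outstanding: Set[int] = field(default_factory=set)   # msgIDs awaiting a result
    abandoned: Set[int] = field(default_factory=set)     # msgIDs we gave up on
    late_results: List[int] = field(default_factory=list)  # results after abandon
    close_notify_sent: bool = False

    def send_request(self, msg_id: int) -> None:
        """Record a new operation; no LDAP PDU may follow TLS close_notify."""
        if self.close_notify_sent:
            raise RuntimeError("TLS closure already initiated")
        self.outstanding.add(msg_id)

    def on_result(self, msg_id: int) -> bool:
        """Return True if the result is delivered to the caller.

        A result for an abandoned operation is legal on the wire, because the
        server need not honour the Abandon; it is logged and discarded."""
        if msg_id in self.outstanding:
            self.outstanding.discard(msg_id)
            return True
        if msg_id in self.abandoned:
            self.late_results.append(msg_id)
        return False

    def may_close_tls(self) -> bool:
        """Graceful closure rule: nothing outstanding unless explicitly abandoned."""
        return not self.outstanding

    def graceful_close(self, wait_for: Optional[Set[int]] = None) -> List[int]:
        """Abandon every outstanding operation not listed in wait_for, then
        send close_notify if nothing is left to wait for. Returns abandoned IDs."""
        keep = wait_for or set()
        to_abandon = sorted(self.outstanding - keep)
        for msg_id in to_abandon:
            self.outstanding.discard(msg_id)
            self.abandoned.add(msg_id)  # an AbandonRequest would be sent here
        if self.may_close_tls():
            self.close_notify_sent = True  # TLS close_notify would be sent here
        return to_abandon
```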