
Re: Protocol: PDUs received during TLS closure



The 'Outstanding operations after TLS closure/renegotiation'
thread reminded me of a brief unresolved thread:

http://www.openldap.org/lists/ietf-ldapbis/200403/msg00066.html

At 10 Mar 2004, Kurt D. Zeilenga wrote:
>At 05:51 AM 3/9/2004, Hallvard B Furuseth wrote:
>>Protocol-22 says:
>>> 4.14.3. Closing a TLS Connection
>>> 4.14.3.1. Graceful Closure
>>
>>>    The initiating protocol peer sends the TLS closure alert. If it
>>>    wishes to leave the LDAP connection intact, it then MUST cease to
>>>    send further PDUs and MUST ignore any received PDUs until it receives
>>>    a TLS closure alert from the other peer.
>>
>> Why must the client ignore received PDUs?  It makes sense for servers,
>> but clients could have use for them.  At least unsolicited
>> notifications.
>
> I don't think this is a TLS thing...  I think it's more of
> an LDAP thing.
>
> From a server perspective, it is trying to say (I think) that a
> server initiating the closure should not attempt to continue
> returning PDUs for an outstanding operation (or send any additional
> notices), and ignore requests to start processing any new
> operations until it receives the alert from the client.
>
> And from a client perspective, it is trying to say that clients
> should not issue new operations until after it receives the
> alert from the server.  The text does imply that the client
> should ignore notices.  This seems somewhat odd.
>
> I am also concerned that the text doesn't discuss cipher suite
> changes, which need similar consideration.
>
>>Is this some TLS thing, that the network data is unreliable until TLS
>>closure is completed?  If so there should not be talk about PDUs at all,
>>since any sent PDUs may be malformed.
>
> Right, if it is a TLS thing (which I don't think it is), it
> should say that further data arriving on the TLS connection is
> to be ignored.

-- 
Hallvard
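Added illustration, not code from this thread, from the draft, or from OpenLDAP: a small state machine that implements the graceful-closure rule quoted above (the initiator stops sending PDUs and ignores received PDUs until the peer's closure alert arrives) and runs the situation Hallvard asks about, a server emitting an unsolicited notification while the client is waiting for the alert. The `Peer` class, the `TLS_CLOSE_NOTIFY` string standing in for the TLS alert, the PDU labels, and the choice that the responding peer answers the alert immediately are all constructed for this example; real PDUs are BER-encoded and the alert lives below the LDAP layer.

```python
# Toy model of the graceful TLS-closure rule from Protocol-22 section
# 4.14.3.1. Event names, PDU labels and the Peer object are constructed
# for this example and are not LDAP wire encoding.
from enum import Enum, auto
from typing import Dict, List, Optional

CLOSE_NOTIFY = "TLS_CLOSE_NOTIFY"  # stands in for the TLS closure alert


class State(Enum):
    TLS_ACTIVE = auto()    # TLS up, LDAP PDUs exchanged normally
    CLOSURE_SENT = auto()  # we sent close_notify; waiting for the peer's
    TLS_CLOSED = auto()    # both alerts seen; LDAP connection left intact


class Peer:
    def __init__(self, name: str) -> None:
        self.name = name
        self.state = State.TLS_ACTIVE
        self.sent: List[str] = []
        self.processed: List[str] = []
        self.ignored: List[str] = []

    def send_pdu(self, pdu: str) -> bool:
        """Send an LDAP PDU; returns False when the closure rule forbids it."""
        if self.state is State.CLOSURE_SENT:
            return False  # "MUST cease to send further PDUs"
        self.sent.append(pdu)
        return True

    def initiate_tls_closure(self) -> str:
        """Start graceful closure; returns the alert to deliver to the peer."""
        if self.state is not State.TLS_ACTIVE:
            raise RuntimeError("closure only starts from TLS_ACTIVE")
        self.state = State.CLOSURE_SENT
        return CLOSE_NOTIFY

    def receive(self, msg: str) -> Optional[str]:
        """Deliver one incoming message; returns a message to send back, if any."""
        if msg == CLOSE_NOTIFY:
            if self.state is State.CLOSURE_SENT:
                self.state = State.TLS_CLOSED  # our own alert was answered
                return None
            # Peer initiated closure. Assumption for this example: the
            # responding peer answers with its own alert straight away.
            self.state = State.TLS_CLOSED
            return CLOSE_NOTIFY
        if self.state is State.CLOSURE_SENT:
            self.ignored.append(msg)  # "MUST ignore any received PDUs"
            return None
        self.processed.append(msg)
        return None


def run_client_closure() -> Dict[str, object]:
    """Constructed scenario: client closes TLS while a search is outstanding."""
    client, server = Peer("client"), Peer("server")

    client.send_pdu("SearchRequest id=1")
    server.receive("SearchRequest id=1")
    server.send_pdu("SearchResultEntry id=1 #1")
    client.receive("SearchResultEntry id=1 #1")

    alert = client.initiate_tls_closure()
    sent_during_closure = client.send_pdu("SearchRequest id=2")  # suppressed

    # The server has not seen the alert yet: it keeps answering the
    # outstanding search and emits an unsolicited notification.
    for pdu in ("SearchResultEntry id=1 #2",
                "ExtendedResponse id=0 (unsolicited notification)"):
        server.send_pdu(pdu)
        client.receive(pdu)  # dropped, per the rule as written

    reply = server.receive(alert)  # server answers with its own alert
    client.receive(reply)           # client is back to plain LDAP

    server.send_pdu("SearchResultDone id=1")
    client.receive("SearchResultDone id=1")

    return {
        "client_state": client.state.name,
        "sent_during_closure": sent_during_closure,
        "processed": list(client.processed),
        "ignored": list(client.ignored),
    }


if __name__ == "__main__":
    for key, value in run_client_closure().items():
        print(f"{key}: {value}")
```

Running the scenario shows the consequence under discussion: the second search entry and the unsolicited notification that the server sent before it saw the client's alert are discarded, and only the PDU sent after the alert exchange reaches the client's LDAP layer. A client that wanted to keep those notices would need the rule relaxed for the client side, which is exactly the question left open in the thread.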