Security considerations for SSL_get_quiet_shutdown
august huber
august.huber at gmail.com
Wed Jun 13 14:21:18 CEST 2012
Hi All,
While performing some integration work with FreeRadius I have hit some
barriers in providing meaningful errors to clients during failed SSL
(eap_tls) transactions. I was perplexed to discover that all SSL contexts
receive SSL_get_quiet_shutdown(ctx,1) called before shutdown. I'm curious
about the logic behind this decision; specifically is it targeted to
decrease attacker awareness of failure modes or a function of poor client
integration causing some platform to barf when it receives a TLS Alert
message? If neither, does anyone know how this change made it there?
Adding a config flag seems relatively straightforward for this case to
preserve the silent functionality when desired, but wanted to query the
list to see if anyone has a strong opinion before I do.