Security considerations for SSL_get_quiet_shutdown

august huber august.huber at
Wed Jun 13 14:21:18 CEST 2012

Hi All,

While performing some integration work with FreeRadius I have hit some
barriers in providing meaningful errors to clients during failed SSL
(eap_tls) transactions.  I was perplexed to discover that all SSL contexts
receive SSL_get_quiet_shutdown(ctx,1) called before shutdown.  I'm curious
about the logic behind this decision; specifically is it targeted to
decrease attacker awareness of failure modes or a function of poor client
integration causing some platform to barf when it receives a TLS Alert
message?  If neither, does anyone know how this change made it there?

Adding a conflg flag seems relatively straightforward for this case to
preserve the silent functionality when desired, but wanted to query the
list to see if anyone has a strong opinion before I do.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Devel mailing list