You can use the functions RWSecureSocket::setShutdownMode() and RWSecureSocketContext::setShutdownMode() to set the shutdown mode to quiet. This mode instructs the SSL/TLS protocol to ignore CloseNotify messages that are sent by conforming SSL/TLS implementations at the end of a secure session. These functions enable interoperability with many SSL/TLS implementations. Unfortunately, using the quiet shutdown mode compromises security.
For example, the period at the end of the following sentence tells you that the sentence is complete:
"Destroy all documents unless I tell you otherwise."
The CloseNotify message is equivalent to the period. If your application instructs the SSL/TLS protocol to ignore CloseNotify messages, an attacker could block the second part of the message, and your application would never know it. This type of attack is known as a truncation attack.
For more information about security, see "SSL and TLS - Designing and Building Secure Systems", by Eric Rescorla, referenced in Section B.2.1, "Books."
© Copyright Rogue Wave Software, Inc. All Rights Reserved.
Rogue Wave and SourcePro are registered trademarks of Rogue Wave Software, Inc. in the United States and other countries. All other trademarks are the property of their respective owners.
Contact Rogue Wave about documentation or support issues.