You can use the functions RWSecureSocket::setShutdownMode() and RWSecureSocketContext::setShutdownMode() to set the shutdown mode to quiet. This mode instructs the SSL/TLS protocol to ignore CloseNotify messages that are sent by conforming SSL/TLS implementations at the end of a secure session. These functions enable interoperability with many SSL/TLS implementations. Unfortunately, using the quiet shutdown mode compromises security.
For example, the period at the end of the following sentence tells you that the sentence is complete:
"Destroy all documents unless I tell you otherwise."
The CloseNotify message is equivalent to the period. If your application instructs the SSL/TLS protocol to ignore CloseNotify messages, an attacker could block the second part of the message, and your application would never know it. This type of attack is known as a truncation attack.
For more information about security, see SSL and TLS - Designing and Building Secure Systems, by Eric Rescorla, referenced in Appendix B.
Copyright © Rogue Wave Software, Inc. All Rights Reserved.
The Rogue Wave name and logo, and SourcePro, are registered trademarks of Rogue Wave Software. All other trademarks are the property of their respective owners.
Provide feedback to Rogue Wave about its documentation.