Rogue Wave banner
Previous fileTop of DocumentContentsIndex pageNext file
Secure Communication Module User's Guide
Rogue Wave web site:  Home Page  |  Main Documentation Page

5.13 Security Issues

You can use the functions RWSecureSocket::setShutdownMode() and RWSecureSocketContext::setShutdownMode() to set the shutdown mode to quiet. This mode instructs the SSL/TLS protocol to ignore CloseNotify messages that are sent by conforming SSL/TLS implementations at the end of a secure session. These functions enable interoperability with many SSL/TLS implementations. Unfortunately, using the quiet shutdown mode compromises security.

For example, the period at the end of the following sentence tells you that the sentence is complete:

The CloseNotify message is equivalent to the period. If your application instructs the SSL/TLS protocol to ignore CloseNotify messages, an attacker could block the second part of the message, and your application would never know it. This type of attack is known as a truncation attack.

For more information about security, see SSL and TLS - Designing and Building Secure Systems, by Eric Rescorla, referenced in Appendix B.



Previous fileTop of DocumentContentsNo linkNext file

Copyright © Rogue Wave Software, Inc. All Rights Reserved.

The Rogue Wave name and logo, and SourcePro, are registered trademarks of Rogue Wave Software. All other trademarks are the property of their respective owners.
Provide feedback to Rogue Wave about its documentation.