[hybi] failed TLS handshake: which close code?
Tobias Oberstein <tobias.oberstein@tavendo.de> Mon, 24 October 2011 07:58 UTC
Hybi-17:

"""
4. Opening Handshake
...
4.1. Client Requirements
...
5. If /secure/ is true, the client MUST perform a TLS handshake over the connection after opening the connection and before sending the handshake data [RFC2818]. If this fails (e.g. the server's certificate could not be verified), then the client MUST _Fail the WebSocket Connection_ and abort the connection. Otherwise, all further communication on this channel MUST run through the encrypted tunnel. [RFC5246]
"""

When the client fails the TLS handshake (i.e. because of invalid server certificate), which close status code would be appropriate to use for signaling that specific reason to the caller?

Is it supposed to use a close status code from the following range?

"""
3000-3999

Status codes in the range 3000-3999 are reserved for use by libraries, frameworks and application. These status codes are registered directly with IANA. The interpretation of these codes is undefined by this protocol.
"""

Or are those only for "use on wire" not for signaling the caller?

For example, Firefox currently provides the calling JavaScript with a "1006 Abnormal Connection Close":

"""
1006

1006 is a reserved value and MUST NOT be set as a status code in a Close control frame by an endpoint. It is designated for use in applications expecting a status code to indicate that the connection was closed abnormally, e.g. without sending or receiving a Close control frame.
"""

However, this could be multiple things and is not giving the real reason to the JS. The JS thus can't react specifically ..
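
A receiver-side check for the on-wire rule quoted above, as an added example that is not part of the original message or of any implementation discussed in the thread. The function names and the sample payloads are constructed for illustration; only the 1006 rule and the 3000-3999 range are quoted in the message, while the 1005 and 1015 entries and the remaining ranges are taken from the final RFC 6455 (section 7.4).

```javascript
// Added example: validate the status code carried in a received Close frame.
// Codes meant only for signaling the local caller; never legal on the wire.
const LOCAL_ONLY = new Set([1005, 1006, 1015]);

// Parse the payload of a Close control frame (a Uint8Array).
function parseClosePayload(payload) {
  // An empty payload is legal: the peer sent no status code.
  if (payload.length === 0) return { code: null, reason: "" };
  if (payload.length === 1) throw new Error("malformed close payload: 1 byte");
  const code = (payload[0] << 8) | payload[1]; // 16-bit, network byte order
  // The reason must be valid UTF-8; fatal:true throws on invalid sequences.
  const reason = new TextDecoder("utf-8", { fatal: true })
    .decode(payload.subarray(2));
  return { code, reason };
}

// Classify a status code that arrived on the wire.
function classifyWireCode(code) {
  if (code === null) return "none";
  if (LOCAL_ONLY.has(code)) return "violation: local-only code on wire";
  if (code < 1000 || code > 4999) return "violation: out of range";
  if (code < 3000) return "protocol range";
  if (code < 4000) return "library/framework range (IANA registered)";
  return "private use range";
}

// Combine both steps; a malformed payload is reported, not thrown.
function checkCloseFrame(payload) {
  try {
    const { code, reason } = parseClosePayload(payload);
    return { code, reason, verdict: classifyWireCode(code) };
  } catch (err) {
    return { code: null, reason: "", verdict: "violation: " + err.message };
  }
}

// Constructed sample payloads.
const samples = [
  Uint8Array.from([0x03, 0xe8]),                   // 1000, no reason
  Uint8Array.from([0x03, 0xee]),                   // 1006 sent on the wire
  Uint8Array.from([0x0b, 0xb8, 0x74, 0x6c, 0x73]), // 3000, reason "tls"
];
for (const s of samples) console.log(checkCloseFrame(s));
```

A peer that puts 1006 in a Close frame is violating the protocol, which is why a caller can only ever see that code as a locally generated value.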