[gnutls-devel] GnuTLS | GNUTLS error at the end of connection (#1739)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Fri Sep 19 11:00:20 CEST 2025




Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/issues/1739#note_2763354889


> We think that the remote's closing its sending side of the TCP connection without using some sort of a TLS message (an alert?) beforehand that it's about to do so, somehow upsets GNUTLS.

A solid hypothesis, if only there was some quick way to check it...

TLS 1.3 specification section titled "Closure Alerts" is here: https://datatracker.ietf.org/doc/html/rfc8446#section-6.1,
and here's one for TLS 1.2: https://datatracker.ietf.org/doc/html/rfc5246#section-7.2.1, trivially reachable from [what I get as the first google result for "how are tls connections closed"](https://security.stackexchange.com/questions/82028/ssl-tls-is-a-server-always-required-to-respond-to-a-close-notify).

> The client and the server must share knowledge that the connection is
> ending in order to avoid a truncation attack.
>
> ...
>
> Each party MUST send a "close_notify" alert before closing its write
> side of the connection, unless it has already sent some error alert.

Case closed.

> But we don't know much about the intricacies of TLS and would really appreciate if you could take a look as to why GNUTLS can't handle the request above.

It can. It'll then rightfully report the insecure protocol violation by the other peer to whatever code is using gnutls.

The gnutls support mailing list is [gnutls-help at lists.gnutls.org](https://lists.gnutls.org/mailman/listinfo/gnutls-help). This is a bugtracker for issues in gnutls, and nothing in your report suggests gnutls misbehaving.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1739#note_2763354889
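
The RFC text quoted in the comment above can be illustrated with a simplified model. This is an added example, not GnuTLS code and not part of the original message. It is not real TLS record protection either: the HMAC-based record format, the constructed `KEY` and `CHUNKS`, and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

APPLICATION_DATA, ALERT = 23, 21   # TLS content-type numbers
CLOSE_NOTIFY = b"\x01\x00"         # alert level warning(1), description close_notify(0)
KEY = b"k" * 32                    # constructed demo key (assumption)
CHUNKS = [b"pay alice 100; ", b"cancel the previous payment"]  # constructed sample data

class PrematureTermination(Exception):
    """Transport ended before an authenticated close_notify arrived."""

def _tag(key, seq, ctype, payload):
    # MAC covers the implicit sequence number, so records cannot be reordered or dropped mid-stream
    return hmac.new(key, struct.pack(">QB", seq, ctype) + payload, hashlib.sha256).digest()

def seal(key, seq, ctype, payload):
    """Toy record: type(1) | length(2) | payload | 32-byte HMAC tag."""
    return struct.pack(">BH", ctype, len(payload) + 32) + payload + _tag(key, seq, ctype, payload)

def send_stream(key, chunks, close=True):
    records = [seal(key, i, APPLICATION_DATA, c) for i, c in enumerate(chunks)]
    if close:  # a well-behaved peer announces the end of its write side
        records.append(seal(key, len(chunks), ALERT, CLOSE_NOTIFY))
    return b"".join(records)

def receive_stream(key, wire):
    """Return the application data; raise if EOF comes before close_notify."""
    data, seq, pos = b"", 0, 0
    while pos < len(wire):
        if len(wire) - pos < 3:
            raise PrematureTermination("EOF inside a record header")
        ctype, length = struct.unpack_from(">BH", wire, pos)
        body = wire[pos + 3 : pos + 3 + length]
        if len(body) < length:
            raise PrematureTermination("EOF inside a record")
        if length < 32 or not hmac.compare_digest(body[-32:], _tag(key, seq, ctype, body[:-32])):
            raise ValueError("malformed or forged record")
        if ctype == ALERT and body[:-32] == CLOSE_NOTIFY:
            return data  # authenticated end of stream: nothing was cut off
        if ctype != APPLICATION_DATA:
            raise ValueError("unexpected record type")
        data += body[:-32]
        seq, pos = seq + 1, pos + 3 + length
    # Every record verified, yet the sender never said it was done.
    raise PrematureTermination("transport closed without close_notify")
```

A stream cut at a record boundary passes every per-record integrity check, so only the missing `close_notify` tells the receiver that data may have been withheld. GnuTLS reports the equivalent condition to its caller as `GNUTLS_E_PREMATURE_TERMINATION`.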