First, look at the header block of an HTTP exchange. The headers below were decrypted from HTTPS traffic.
GET / HTTP/1.1
Host: xxx.com
Accept: */*
User-Agent: Mozilla/5.0 (Linux; U; Android 6.0; zh-CN; MI 5 Build/MRA58K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/10.9.7.737 U3/0.8.0 Mobile Safari/534.30
Connection: keep-alive
Accept-Encoding: gzip
Accept-Language: zh-CN
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP=CAO PSA OUR
Content-Type: text/html;charset=GBK
Date: Fri, 15 Apr 2016 08:50:46 GMT
Connection: close
Notice that the server's response carries Connection: close, even though the client asked for keep-alive. The server will therefore close the TCP connection after this response, which also ends the TLS (SSL) connection running on top of it; any further request needs a new TCP connection and a new TLS handshake. Strictly speaking it is the TLS connection that ends, not the TLS session: if both sides exchange close_notify before tearing down the transport, the session stays resumable and the next handshake can be the abbreviated one (resumption by session ID or session ticket) rather than a full negotiation. In the capture this shows up as a close_notify alert record. Because it is sent after the cipher is active, a packet analyzer without the session keys can only show it as an encrypted alert (record content type 21), not decode which alert it is.
RFC 2246 (TLS 1.0) specifies close_notify in section 7.2.1, quoted below.
7.2.1. Closure alerts
The client and the server must share knowledge that the connection is ending in order to avoid a truncation attack. Either party may initiate the exchange of closing messages.
close_notify
This message notifies the recipient that the sender will not send any more messages on this connection. The session becomes unresumable if any connection is terminated without proper close_notify messages with level equal to warning.
Either party may initiate a close by sending a close_notify alert. Any data received after a closure alert is ignored.
Each party is required to send a close_notify alert before closing the write side of the connection. It is required that the other party respond with a close_notify alert of its own and close down the connection immediately, discarding any pending writes. It is not required for the initiator of the close to wait for the responding close_notify alert before closing the read side of the connection.
If the application protocol using TLS provides that any data may be carried over the underlying transport after the TLS connection is closed, the TLS implementation must receive the responding close_notify alert before indicating to the application layer that the TLS connection has ended. If the application protocol will not transfer any additional data, but will only close the underlying transport connection, then the implementation may choose to close the transport without waiting for the responding close_notify. No part of this standard should be taken to dictate the manner in which a usage profile for TLS manages its data transport, including when connections are opened or closed.
NB: It is assumed that closing a connection reliably delivers pending data before destroying the transport.
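The following is an added example, not code from the original post or from any TLS implementation, showing what the closure rule above means for someone reading a capture. It parses one direction of a TLS 1.0 record stream, flags which records are encrypted (everything after that sender's ChangeCipherSpec), renders an alert the way an analyzer sees it, and classifies the end of the connection as a clean close_notify close or as the truncation the RFC is guarding against (data simply stops and a FIN arrives with no alert before it). The sample byte streams are constructed for the example; the 22-byte encrypted alert assumes a stream cipher with HMAC-SHA1 (2 alert bytes + 20-byte MAC), which is an assumption, not something taken from the capture above.

```python
"""Classify how one direction of a TLS 1.0 connection ended from its record-layer bytes."""
import struct
from dataclasses import dataclass
from typing import List

# Record-layer content types (RFC 2246 section 6.2.1)
CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA = 20, 21, 22, 23
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}

# Alert levels and a subset of alert descriptions (RFC 2246 section 7.2)
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
                      40: "handshake_failure", 42: "bad_certificate", 48: "unknown_ca",
                      50: "decode_error", 80: "internal_error", 90: "user_canceled"}


@dataclass
class Record:
    content_type: int
    version: tuple
    body: bytes
    encrypted: bool  # True once this sender has issued ChangeCipherSpec


def parse_records(stream: bytes) -> List[Record]:
    """Split one sender's byte stream into TLS records.

    Records sent after that sender's ChangeCipherSpec are flagged encrypted: their
    body is ciphertext plus MAC, so only the content type and length are readable.
    Raises ValueError if the stream stops in the middle of a record.
    """
    records, off, encrypted = [], 0, False
    while off < len(stream):
        if len(stream) - off < 5:
            raise ValueError(f"stream ends inside a record header at offset {off}")
        ctype, major, minor, length = struct.unpack("!BBBH", stream[off:off + 5])
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype} at offset {off}")
        body = stream[off + 5:off + 5 + length]
        if len(body) != length:
            raise ValueError(f"stream ends inside a record body at offset {off}")
        records.append(Record(ctype, (major, minor), body, encrypted))
        if ctype == CHANGE_CIPHER_SPEC:
            encrypted = True  # everything this peer sends from here on is protected
        off += 5 + length
    return records


def describe_alert(rec: Record) -> str:
    """Render an alert record the way an analyst sees it in a capture."""
    if rec.content_type != ALERT:
        raise ValueError("not an alert record")
    if rec.encrypted:
        # Without the session keys you cannot tell close_notify from any other alert;
        # its position (last record before FIN) and size are the only hints.
        return f"encrypted alert ({len(rec.body)} bytes)"
    level, desc = rec.body[0], rec.body[1]
    return f"{ALERT_LEVELS.get(level, level)}/{ALERT_DESCRIPTIONS.get(desc, desc)}"


def close_status(stream: bytes, fin_seen: bool) -> str:
    """Classify how this sender's side of the connection ended.

    clean_close       last record is an alert, then the sender's FIN (RFC 2246 7.2.1 path)
    truncated         FIN with no preceding alert: the case the closure rule exists to
                      expose, since a forged FIN/RST could otherwise cut data off silently
    incomplete_record the transport died in the middle of a record
    no_fin            data stops but the TCP side is still open; nothing to judge yet
    """
    try:
        records = parse_records(stream)
    except ValueError:
        return "incomplete_record"
    if not fin_seen:
        return "no_fin"
    if records and records[-1].content_type == ALERT:
        return "clean_close"
    return "truncated"


def record(ctype: int, body: bytes) -> bytes:
    """Build a TLS 1.0 record with the given content type and body (helper for samples)."""
    return struct.pack("!BBBH", ctype, 3, 1, len(body)) + body


# Constructed server->client stream (not real traffic): handshake bytes, ChangeCipherSpec,
# encrypted Finished, one encrypted application_data record (the HTTP response), then the
# encrypted alert carrying close_notify. Sizes are assumed, not measured.
SERVER_STREAM_CLEAN = (
    record(HANDSHAKE, b"\x02\x00\x00\x04\x03\x01\x00\x00")  # placeholder handshake body
    + record(CHANGE_CIPHER_SPEC, b"\x01")
    + record(HANDSHAKE, b"\x00" * 36)            # Finished, now encrypted
    + record(APPLICATION_DATA, b"\x00" * 230)    # HTTP response, encrypted
    + record(ALERT, b"\x00" * 22)                # 2 alert bytes + 20-byte HMAC-SHA1 (assumed)
)
# Same stream with the closing alert missing: what a truncation attack leaves behind.
SERVER_STREAM_TRUNCATED = SERVER_STREAM_CLEAN[:-(5 + 22)]
# A plaintext close_notify as it looks before any cipher is active: warning(1)/close_notify(0).
PLAINTEXT_CLOSE_NOTIFY = bytes.fromhex("15030100020100")

if __name__ == "__main__":
    for name, stream in [("clean", SERVER_STREAM_CLEAN), ("truncated", SERVER_STREAM_TRUNCATED)]:
        print(name, "->", close_status(stream, fin_seen=True))
        for rec in parse_records(stream):
            label = describe_alert(rec) if rec.content_type == ALERT else CONTENT_TYPES[rec.content_type]
            print("   ", label, "(encrypted)" if rec.encrypted else "(plaintext)", len(rec.body), "bytes")
    print(describe_alert(parse_records(PLAINTEXT_CLOSE_NOTIFY)[0]))
```

Run it against a real capture by feeding it the reassembled bytes of one direction of the TCP stream and whether that side sent a FIN; the same check on the other direction tells you whether the peer answered with its own close_notify as the RFC requires.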