TLSv1.2 Alert (Level: Warning, Description: Close Notify)
Start with the header section of an HTTP exchange; the headers below were obtained by decrypting HTTPS traffic.
GET / HTTP/1.1
Host: xxx.com
Accept: */*
User-Agent: Mozilla/5.0 (Linux; U; Android 6.0; zh-CN; MI 5 Build/MRA58K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/10.9.7.737 U3/0.8.0 Mobile Safari/534.30
Connection: keep-alive
Accept-Encoding: gzip
Accept-Language: zh-CN
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP=CAO PSA OUR
Content-Type: text/html;charset=GBK
Date: Fri, 15 Apr 2016 08:50:46 GMT
Connection: close
Notice that in the server's HTTP response the Connection header is close. The TCP connection will therefore be torn down, so the SSL session ends as well, and any further data transfer requires a new SSL handshake negotiation. In the packet capture you will see the close_notify message.
RFC 2246 defines the close_notify exchange:
7.2.1. Closure alerts
The client and the server must share knowledge that the connection is ending in order to avoid a truncation attack. Either party may initiate the exchange of closing messages.
close_notify
This message notifies the recipient that the sender will not send any more messages on this connection. The session becomes unresumable if any connection is terminated without proper close_notify messages with level equal to warning.
Either party may initiate a close by sending a close_notify alert. Any data received after a closure alert is ignored.
Each party is required to send a close_notify alert before closing the write side of the connection. It is required that the other party respond with a close_notify alert of its own and close down the connection immediately, discarding any pending writes. It is not required for the initiator of the close to wait for the responding close_notify alert before closing the read side of the connection. If the application protocol using TLS provides that any data may be carried over the underlying transport after the TLS connection is closed, the TLS implementation must receive the responding close_notify alert before indicating to the application layer that the TLS connection has ended. If the application protocol will not transfer any additional data, but will only close the underlying transport connection, then the implementation may choose to close the transport without waiting for the responding close_notify. No part of this standard should be taken to dictate the manner in which a usage profile for TLS manages its data transport, including when connections are opened or closed.
NB: It is assumed that closing a connection reliably delivers pending data before destroying the transport.
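To make the closure rules concrete, the following added example (not part of the original post) frames and parses plaintext TLS records the way they appear after decryption, as in the capture above, and applies the 7.2.1 rules to an inbound stream that ended with the transport closing: data after a close_notify is ignored, and an end of stream without a warning-level close_notify is treated as an improper close that leaves the session unresumable and may indicate truncation. The byte streams in the test are constructed samples.

```python
import struct

# TLS record content types and alert codes (RFC 2246 / RFC 5246).
CONTENT_ALERT, CONTENT_APPDATA = 21, 23
ALERT_WARNING = 1
CLOSE_NOTIFY = 0


def tls_record(content_type, body, version=(3, 3)):
    """Frame a plaintext TLS record: type(1) version(2) length(2) body."""
    return struct.pack("!BBBH", content_type, *version, len(body)) + body


def close_notify_record():
    """close_notify as it looks once decrypted: level=warning(1), description=0."""
    return tls_record(CONTENT_ALERT, bytes([ALERT_WARNING, CLOSE_NOTIFY]))


def iter_records(stream):
    """Yield (content_type, body) from a byte stream. A trailing partial
    record means the transport ended mid-record; report it as truncation."""
    pos = 0
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header")
        ctype, _major, _minor, length = struct.unpack("!BBBH", stream[pos:pos + 5])
        body = stream[pos + 5:pos + 5 + length]
        if len(body) < length:
            raise ValueError("truncated record body")
        yield ctype, body
        pos += 5 + length


def classify_closure(stream):
    """Apply the RFC 2246 7.2.1 closure rules to a decrypted inbound stream
    whose transport has closed. Returns what the application may trust."""
    app_data, ignored, clean, cut = bytearray(), 0, False, False
    try:
        for ctype, body in iter_records(stream):
            if clean:
                ignored += 1  # any data received after a closure alert is ignored
            elif ctype == CONTENT_ALERT and body == bytes([ALERT_WARNING, CLOSE_NOTIFY]):
                clean = True  # proper close: only a warning-level close_notify counts
            elif ctype == CONTENT_APPDATA:
                app_data += body
    except ValueError:
        cut = True  # transport closed in the middle of a record
    # Without a proper close_notify the session becomes unresumable, and the
    # application cannot tell a normal end of data from a truncation attack.
    return {"clean_close": clean, "resumable": clean, "app_data": bytes(app_data),
            "ignored_records": ignored, "truncation_suspected": (not clean) or cut}
```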