[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: GnuTLS recv error (-9): A TLS packet with unexpected length was rece
From: |
Joe Orton |
Subject: |
Re: GnuTLS recv error (-9): A TLS packet with unexpected length was received. - with Paypal Website Payment Pro |
Date: |
Thu, 3 Feb 2011 12:14:17 +0000 |
User-agent: |
Mutt/1.5.21 (2010-09-15) |
On Thu, Feb 03, 2011 at 11:03:10AM +0100, Nikos Mavrogiannopoulos wrote:
> On Wed, Feb 2, 2011 at 11:33 PM, Joe Orton <address@hidden> wrote:
> >> Several sites terminate the TLS connection without following the TLS
> >> protocol (i.e. sending closure alerts), but rather terminate the TCP
> >> connection directly. This is a relic of SSLv2 and it seems other
> >> implementations ignore this error. GnuTLS doesn't and thus prints
> >> this error. You could ignore it, but then you could not distinguish
> >> between a premature connection termination (i.e. by someone injecting
> >> a stray TCP termination packet) and normal termination.
> > The problem is that GnuTLS does not distinguish the TCP closure case
> > from this rather generic "unexpected length" error, as has been
> > discussed on this list before. The OpenSSL API does expose this
> > distinction.
>
> How does openssl expose this distinction? Does it have a separate error for
> unclean termination?
Via the SSL_get_error() interface, see part on SSL_ERROR_SYSCALL.
Regards, Joe