client -------------------------------- server
encrypted alert (21) ----------------------->
FIN,ACK ------------------------------------>
<------------------------ encrypted alert(21)
<---------------------------------------- ACK
RST ---------------------------------------->
<------------------------------------ FIN,ACK
<-------------------------------- FIN,PSH,ACK
Hi, I am going to ask you a question because there is a problem while analyzing the network packet.
I drew a simple flow on top.
Currently, there is a problem due to RST/FIN, ACK packets when the SSL connection ends. Due to the FIN, ACK packets coming in after the RST termination, dummy sessions are being generated in L4.
What I'm curious about is 1. Causes of encrypted alerts? 2. Why is there no FIN on the server before the client sends FIN, ACK? 3. Is it a server setup or coding issue for clients to unilaterally terminate sessions using FIN, ACK and RST?
somebody help me!
