Description
ATS sends a FIN directly to the client without sending "close notify" before it. This breaks the RFC standard. This can be easily reproduced by setting
CONFIG proxy.config.http.keep_alive_enabled_in INT 0
http://tools.ietf.org/html/rfc5246#section-7.2.1
7.2.1. Closure Alerts

   The client and the server must share knowledge that the connection is
   ending in order to avoid a truncation attack. Either party may
   initiate the exchange of closing messages.

   close_notify
      This message notifies the recipient that the sender will not send
      any more messages on this connection. Note that as of TLS 1.1,
      failure to properly close a connection no longer requires that a
      session not be resumed. This is a change from TLS 1.0 to conform
      with widespread implementation practice.

   Either party may initiate a close by sending a close_notify alert.
   Any data received after a closure alert is ignored.

This causes Safari on Apple devices to send "fatal alert 0" under some conditions. This generates a lot of "error" entries in diags.log. Apple's SSL library libsecurity_ssl sometimes treats an unexpected shutdown as a fatal error.
ERROR: SSL::44:error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
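
A triage sketch for the log line above, added here as an example and not part of ATS or of the original report: it decodes the packed OpenSSL error code so that "fatal alert 0" noise (description 0, close_notify) can be counted separately from other fatal alerts sent by peers. It assumes the OpenSSL 1.0.x error layout and the diags.log line shape shown above; the function names are hypothetical and every sample line except the first is constructed.

```python
import re
from collections import Counter

# Assumption: OpenSSL 1.0.x error packing, lib (8 bits) | func (12 bits) | reason (12 bits).
ERR_LIB_SSL = 20
# For a fatal alert received from the peer, reason = 1000 + alert description.
SSL_AD_REASON_OFFSET = 1000

# Subset of the RFC 5246 section 7.2 alert descriptions.
ALERT_NAMES = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
               40: "handshake_failure", 42: "bad_certificate", 48: "unknown_ca"}

LINE_RE = re.compile(r"error:([0-9A-Fa-f]{8}):SSL routines:(\w+):")

def decode_peer_alert(line):
    """Return (function, alert_number, alert_name) when the line records a
    fatal alert received from the peer, otherwise None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    code = int(m.group(1), 16)
    lib, reason = (code >> 24) & 0xFF, code & 0xFFF
    alert = reason - SSL_AD_REASON_OFFSET
    if lib != ERR_LIB_SSL or not 0 <= alert <= 255:
        return None  # a locally detected error, not an alert from the peer
    return m.group(2), alert, ALERT_NAMES.get(alert, "unknown")

def summarize(lines):
    """Count peer fatal alerts by description name."""
    return Counter(d[2] for d in map(decode_peer_alert, lines) if d)

SAMPLE_LOG = [
    # Line quoted in the report above.
    "ERROR: SSL::44:error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0",
    # Constructed sample lines.
    "ERROR: SSL::51:error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0",
    "ERROR: SSL::7:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1256:SSL alert number 40",
    "ERROR: SSL::12:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:532:",
]

if __name__ == "__main__":
    for name, count in summarize(SAMPLE_LOG).most_common():
        print(f"{count:4d}  fatal alert from peer: {name}")
```

A high close_notify count next to a low count of other alerts points at the missing closure alert described here rather than at handshake or certificate problems.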