crypto/tls: Conn.Close() does not close connection gracefully

[gn00616031]

Proposal Details

We use golang:1.21.3 to develop a websocket server, and deploy it on AWS. And we notice that the RST packets sent from server increased than our old server (which is developed in NodeJS). And we trace the code, find crypto/tls/coon.go: Close() may not close connection gracefully

As following screenshot, it send close notify then close connection directly. Then client send close notify to server, it will cause server response RST packet.

Thus we think that after send close notify, it should wait close notify from other side then close connection. It can prevent RST packet.

[seankhliao]

this sounds like a bug report rather than a proposal. please fill in the bug report template and confirm that it reproduces with the latest version of go (preferably including a reproducer).

[gabyhelp]

Related Issues

• crypto/tls: tls.Conn.Close sends unnecessary close_notify if the underlying connection was already closed #45709

_{(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)}

[gn00616031]

Go version: go1.23.4 darwin/amd64
go env
GO111MODULE=''
GOARCH='amd64'
GOBIN=''
GOCACHE='/Users/08196/Library/Caches/go-build'
GOENV='/Users/08196/Library/Application Support/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='darwin'
GOINSECURE=''
GOMODCACHE='/Users/08196/go/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='darwin'
GOPATH='/Users/08196/go'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/Users/08196/go/pkg/mod/golang.org/[email protected]'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/Users/08196/go/pkg/mod/golang.org/[email protected]/pkg/tool/darwin_amd64'
GOVCS=''
GOVERSION='go1.23.4'
GODEBUG=''
GOTELEMETRY='local'
GOTELEMETRYDIR='/Users/08196/Library/Application Support/go/telemetry'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='clang'
CXX='clang++'
CGO_ENABLED='1'
GOMOD='/Users/08196/git/unity-sentry/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -arch x86_64 -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -ffile-prefix-map=/var/folders/20/jzqqmbwd1b9byw2h33_t3pnw827yyy/T/go-build2014222405=/tmp/go-build -gno-record-gcc-switches -fno-common'

Use these server code: https://go.dev/play/p/2tEl_4ieY6M and client code: https://go.dev/play/p/2aLxSyTZREF can reproduce the case.

If we control close process as following, server will not send RST packet, however, in most of library/framework just call interface (net.Conn) Close function.

tlsConn.CloseWrite()
tlsConn.SetReadDeadline(time.Now().Add(5 * time.Second))
buffer := make([]byte, 1000)
for {
	_, err := tlsConn.Read(buffer)
	if err != nil {
		break
	}
}
return tlsConn.Close()