Using Go, how can a tls.Conn be safely shut down without entirely closing the underlying connection? I have a working solution, but I am not sure if there is a better way.
In my application I have a non-SSL connection that is eventually 'upgraded' to an SSL connection. Then at some point the SSL connection should be closed cleanly, and the connection should return to the non-SSL version (where unencrypted traffic can be sent between the two parties).
Something like this:
    import (
        "crypto/tls"
        "net"
    )

    func app(connection net.Conn) {
        // process some data on the connection, then eventually change it to SSL
        ssl := tls.Client(connection, sslConfig) // sslConfig defined elsewhere
        if err := ssl.Handshake(); err != nil {
            return // the handshake failed, so there is no SSL session to use
        }
        // process data using ssl for a while
        // now shut down SSL but maintain the original connection
        ssl.CloseWrite()
        // at this point we have sent a closeNotify alert to the remote side and are expecting a closeNotify to be sent back to us.
        // the only way to read the closeNotify is to attempt to read 1 byte
        b := make([]byte, 1)
        ssl.Read(b)
        // assuming the remote side shut down the connection properly, the SSL transport should be finished
        connection.Read(...) // can go back to the unencrypted connection
    }
The part I dislike about this is having to make a 1 byte array and read from it just so that the SSL connection can read the notifyClose record.
Is there a better way to cleanly shut down the SSL connection?