Firefox and Chrome do not seem to like the way we close SSL connections

[itamar]

The attached example simulates a web server, closing the SSL connection when it's done. If you point Firefox 15 or Chromium 18.0.1025.168~r134367-0ubuntu0.12.0 (thank you Ubuntu!) at it, the connectionLost method is not called. ssldump suggests that while the server sends an SSL shutdown message to the browser, the browser never responds with its own SSL shutdown.

Add a connection: close header fixes the problem. It's possible browsers are incapable of handling clean TLS shutdown(?!) in which case maybe we should go back to old SSL behavior of unclean shutdown. Or maybe we're doing it wrong somehow.

[itamar]

A simulated HTTP server that does a clean TLS shutdown