@@ -468,42 +468,19 @@ The following code describes these functions in more detail:
468468 """
469469 Shutdown TLS and the underlying socket.
470470
471- Proper TLS applications ought to signal their peers when they're
472- done sending data by sending a closing alert.
473-
474- * ``socket.SHUT_WR`` (``1``) sends the closing alert to the peer and
475- then prevents sending any further message. Proper TLS application
476- **MUST** call this method with this parameter to gracefully close
477- the TLS connection. *Safe* in TLS 1.3. Actually acts like
478- ``SHUT_RDWD`` in TLS 1.2 and is as *unsafe* as ``SHUT_RD``.
479-
480- * ``socket.SHUT_RD`` (``0``) simulates receiving the closing alert
481- from the peer and then ignores all further received messages.
482- *Unsafe* (risk of data loss) unless the connection is otherwise
483- known to be over thanks to the application-layer protocol (e.g.
484- HTTP Content-Length).
485-
486- * ``socket.SHUT_RDWR`` (``2``) does both ``SHUT_RD`` and ``SHUT_WR``.
487- As *unsafe* as ``SHUT_RD``.
488-
489- In TLS 1.2, the closing alert is synchronous, receiving it triggers
490- an immediate closing alert response, and both connections are
491- immediately shut. It means that ``SHUT_WR`` acts like ``SHUT_RDWR``
492- and is unsafe unless all the data have been received.
493-
494- In TLS 1.3, the closing alert is asynchronous, sending the closing
495- alert only closes the sender's sending-end and receiver's
496- receiving-end. The peer can keep on sending data until he
497- independently decides to close its own sending-end of the
498- connection. There is not risk of data truncation with ``SHUT_WR``.
471+ * ``socket.SHUT_RD`` (``0``) unilateraly close the receiving-side:
472+ discard present and future unread messages.
473+ * ``socket.SHUT_WR`` (``1``) gracefully close the sending-side:
474+ send a closing alert and prevent sending more messages.
475+ * ``socket.SHUT_RDWR`` (``2``): both ``SHUT_WR`` and ``SHUT_RD``.
499476
500477 .. danger::
501478
502- Both ``socket. SHUT_RD`` (``0``) and ``socket. SHUT_RDWR`` (``2``)
503- pose a risk of data loss, only use them when facing a bad actor
504- or when the connection is otherwise known to be over.
479+ Both ``shutdown( SHUT_RD) `` and ``shutdown( SHUT_RDWR) `` pose a
480+ risk of data loss: they are unsafe unless the connection is
481+ otherwise known to be over or when truncation is not an issue .
505482
506- In TLS 1.2 the same risk applies also to ``socket. SHUT_WR`` (``1``) .
483+ In TLS 1.2, the same risk applies also to ``shutdown( SHUT_WR)`` .
507484 """
508485 ...
509486
@@ -512,15 +489,15 @@ The following code describes these functions in more detail:
512489 """
513490 Close the underlying socket, but only when it is safe to do so.
514491
515- When the sending-end of the connection is still open, it sends a
516- closing alert before closing the socket, raising ``WantWriteError``
517- when it fails.
492+ When the sending-side of the connection is still open, it gracefully
493+ closes the TLS sending-side before closing the socket, raising
494+ ``WantWriteError`` when it fails.
518495
519- When the receiving-end of the connection is still open, it always
496+ When the receiving-side of the connection is still open, it always
520497 raises ``WantReadError`` as there's a risk of data loss / truncation
521498 attack. The user must first either: (safe) ``recv`` until the peer
522- closes its sending-end of the connection, or (unsafe) take the risk
523- and unilateraly ``shutdown`` the reading-end of the connection.
499+ closes its sending-side of the connection, or (unsafe) take the risk
500+ and unilateraly ``shutdown`` the receiving-side of the connection.
524501 """
525502 ...
526503
0 commit comments