From f2652ea5e88c048ff321b25c88bb92ccc990a081 Mon Sep 17 00:00:00 2001
From: Tim Perry <pimterry@gmail.com>
Date: Wed, 15 May 2019 15:44:36 +0200
Subject: [PATCH] Don't allow half-open TLS connections

This fixes an issue where TLS clients that cleanly close connections
part-way through a handshake (e.g. node 12 TLS clients) did not trigger
a tlsClientError.
---
 lib/index.js | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/index.js b/lib/index.js
index 04b0b4f..9415f21 100644
--- a/lib/index.js
+++ b/lib/index.js
@@ -64,6 +64,8 @@ if (isOldNode) {
       if (firstByte < 32 || firstByte >= 127) {
         // tls/ssl
         socket.ondata = null;
+        // TLS sockets don't allow half open
+        socket.allowHalfOpen = false;
         self._tlsHandler(socket);
         socket.push(d.slice(start, end));
       } else {
@@ -91,6 +93,8 @@ if (isOldNode) {
       socket.unshift(data);
       if (firstByte < 32 || firstByte >= 127) {
         // tls/ssl
+        // TLS sockets don't allow half open
+        socket.allowHalfOpen = false;
         this._tlsHandler(socket);
       } else
         this.__httpSocketHandler(socket);