nodejs · mmomtchev · Nov 20, 2020 · Nov 21, 2020 · Nov 22, 2020 · Nov 22, 2020
diff --git a/lib/_http_client.js b/lib/_http_client.js
@@ -708,13 +708,7 @@ function responseOnEnd() {
   req._ended = true;
 
   if (!req.shouldKeepAlive) {
-    if (socket.writable) {
-      debug('AGENT socket.destroySoon()');
-      if (typeof socket.destroySoon === 'function')
-        socket.destroySoon();
-      else
-        socket.end();
-    }
+    socket.end();
     assert(!socket.writable);
   } else if (req.finished && !this.aborted) {
     // We can assume `req.finished` means all data has been written since:

diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
@@ -571,6 +571,27 @@ tls_wrap.TLSWrap.prototype.close = function close(cb) {
   return this._parent.close(done);
 };
 
+TLSSocket.prototype.destroySoon = function() {
+  if (this.writable)
+    this.end();
+
+  if (this.writableFinished && this.readableEnded)
+    this.destroy();
+  else
+    this.once('finish', () => {
+      // TLS needs special handling when the server initiates the closing
+      // of the connection because a TLS-compliant client will send more data
+      // after receiving the server FIN
+      // If the server immediately destroys its socket, this data will trigger a
+      // RST packet in response
+      // https://github.com/nodejs/node/issues/36180
+      if (this.readableEnded)
+        this.destroy();
+      else
+        this.once('end', this.destroy);
+    });
+};
+
 TLSSocket.prototype.disableRenegotiation = function disableRenegotiation() {
   this[kDisableRenegotiation] = true;
 };

diff --git a/test/parallel/test-http-should-keep-alive.js b/test/parallel/test-http-should-keep-alive.js
@@ -49,7 +49,7 @@ const countdown = new Countdown(SHOULD_KEEP_ALIVE.length, () => server.close());
 const getCountdownIndex = () => SERVER_RESPONSES.length - countdown.remaining;
 
 const server = net.createServer(function(socket) {
-  socket.write(SERVER_RESPONSES[getCountdownIndex()]);
+  socket.end(SERVER_RESPONSES[getCountdownIndex()]);
 }).listen(0, function() {
   function makeRequest() {
     const req = http.get({ port: server.address().port }, function(res) {

diff --git a/test/parallel/test-https-end-rst.js b/test/parallel/test-https-end-rst.js
@@ -0,0 +1,40 @@
+'use strict';
+const common = require('../common');
+
+if (!common.hasCrypto)
+  common.skip('missing crypto');
+
+const https = require('https');
+const tls = require('tls');
+const fixtures = require('../common/fixtures');
+
+const opt = {
+  key: fixtures.readKey('agent1-key.pem'),
+  cert: fixtures.readKey('agent1-cert.pem')
+};
+
+const data = 'hello';
+const server = https.createServer(opt, common.mustCallAtLeast((req, res) => {
+  res.setHeader('content-length', data.length);
+  res.end(data);
+}, 2));
+
+server.listen(0, function() {
+  const options = {
+    host: '127.0.0.1',
+    port: server.address().port,
+    rejectUnauthorized: false,
+    ALPNProtocols: ['http/1.1'],
+    allowHalfOpen: true
+  };
+  const socket = tls.connect(options, common.mustCall(() => {
+    socket.write('GET /\n\n');
+    socket.once('data', common.mustCall(() => {
+      socket.write('GET /\n\n');
+      setTimeout(common.mustCall(() => {
+        socket.destroy();
+        server.close();
+      }), common.platformTimeout(10));
+    }));
+  }));
+});