Re: [TLS] Warning alert before TLS 1.3 ServerHello

Eric Rescorla <ekr@rtfm.com> Wed, 09 May 2018 17:56 UTC

In-Reply-To: <EB30106F-F089-4A2B-845E-FF560399DD55@nerd.ninja>
References: <EB30106F-F089-4A2B-845E-FF560399DD55@nerd.ninja>
From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 09 May 2018 10:56:15 -0700
Message-ID: <CABcZeBO8_nHpxRZgeeH3wvP7hAYQGwDAu4vcYmjoZTmpOeoXqw@mail.gmail.com>
To: Roelof duToit <r@nerd.ninja>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/oGitJJh0pF69yavPTgJ83dbqMAY>
Subject: Re: [TLS] Warning alert before TLS 1.3 ServerHello

But it actually sends an SH? That seems odd and kind of an ambiguous point
in the spec.

-Ekr


On Wed, May 9, 2018 at 10:14 AM, Roelof duToit <r@nerd.ninja> wrote:

> In one of our tests OpenSSL 1.1.1-dev sends an unrecognized_name warning
> alert before a TLS 1.3 (draft 26) ServerHello.  Alert level is supposed to
> be implicit in TLS 1.3, but in this case it is ambiguous.  Should it even
> be considered a “TLS 1.3 alert” given that it arrives before the protocol
> version is confirmed?
>
> TLS 1.3 draft section 6 states that "All the alerts listed in Section 6.2
> MUST be sent with AlertLevel=fatal and MUST be treated as error alerts
> regardless of the AlertLevel in the message". Is the client supposed to
> remember that it received a warning level alert and terminate after parsing
> the ServerHello?
>
> —Roelof
>
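The situation discussed in this thread, as an added example that is not part of either message: a record-layer walk that reports any plaintext alert arriving before the ServerHello, so a client or test harness can log the level the peer actually put on the wire. The function names and the sample bytes are constructed for illustration; it assumes each alert and the start of the ServerHello sit in their own unfragmented record, and it does not decide what the client should do with the alert.

```python
import struct

# Record-layer content types and the alert named in the thread.
ALERT, HANDSHAKE = 21, 22
SERVER_HELLO = 2            # HandshakeType server_hello
UNRECOGNIZED_NAME = 112     # AlertDescription unrecognized_name
LEVELS = {1: "warning", 2: "fatal"}


def records(stream: bytes):
    """Yield (content_type, fragment) for each complete plaintext record."""
    pos = 0
    while pos + 5 <= len(stream):
        ctype, _legacy_version, length = struct.unpack_from("!BHH", stream, pos)
        fragment = stream[pos + 5 : pos + 5 + length]
        if len(fragment) < length:
            raise ValueError("truncated record")
        yield ctype, fragment
        pos += 5 + length
    if pos != len(stream):
        raise ValueError("trailing bytes shorter than a record header")


def alerts_before_server_hello(stream: bytes):
    """Return (alerts, reached_server_hello).

    alerts is a list of (level_name, description) for every alert record
    seen before the first ServerHello handshake record.
    """
    seen = []
    for ctype, fragment in records(stream):
        if ctype == ALERT:
            if len(fragment) != 2:
                raise ValueError("alert fragment must be 2 bytes")
            level, description = fragment
            seen.append((LEVELS.get(level, f"unknown({level})"), description))
        elif ctype == HANDSHAKE and fragment[:1] == bytes([SERVER_HELLO]):
            return seen, True
    return seen, False


# Constructed sample: warning/unrecognized_name alert, then a ServerHello
# record whose body is zero-filled placeholder bytes (not a valid ServerHello).
SAMPLE = (
    bytes([ALERT, 3, 3, 0, 2, 1, UNRECOGNIZED_NAME])
    + bytes([HANDSHAKE, 3, 3, 0, 8, SERVER_HELLO, 0, 0, 4]) + bytes(4)
)

if __name__ == "__main__":
    print(alerts_before_server_hello(SAMPLE))
```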