[TLS] Warning alert before TLS 1.3 ServerHello

Roelof duToit <r@nerd.ninja> Wed, 09 May 2018 17:14 UTC

Return-Path: <r@nerd.ninja>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id A9D3412D955 for <tls@ietfa.amsl.com>; Wed, 9 May 2018 10:14:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.101
X-Spam-Status: No, score=-0.101 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nerd.ninja
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id LJ6TvexbnR5b for <tls@ietfa.amsl.com>; Wed, 9 May 2018 10:14:48 -0700 (PDT)
Received: from sender-of-o52.zoho.com (sender-of-o52.zoho.com []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E7B6C12D94B for <tls@ietf.org>; Wed, 9 May 2018 10:14:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1525886083; s=zoho; d=nerd.ninja; i=r@nerd.ninja; h=From:Content-Type:Content-Transfer-Encoding:Mime-Version:Subject:Message-Id:Date:To; l=702; bh=qpoPm7NnkpnRpW9QFjEJTBkwgRLjLRLake+wohDan2k=; b=sMpnzT7Dx3Q8su+fQX37wkUras/Nj0VLIU6vDNTy84jGif0yVOXJs6no6vVGj/4o Q8xX8b58YGF+o1PacrzndZrWt/bsnMPNwLmztSdKgy/Vqnr2sO8lXb5QYFnOWM3ev3c oYlMH2MsxLnV8VbDlSx6OC46fRz4QxkqhCXM2iSw=
Received: from [] ( []) by mx.zohomail.com with SMTPS id 1525886083078361.94715216269753; Wed, 9 May 2018 10:14:43 -0700 (PDT)
From: Roelof duToit <r@nerd.ninja>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Message-Id: <EB30106F-F089-4A2B-845E-FF560399DD55@nerd.ninja>
Date: Wed, 09 May 2018 13:14:38 -0400
To: "<tls@ietf.org>" <tls@ietf.org>
X-Mailer: Apple Mail (2.3273)
X-ZohoMailClient: External
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/yjzO04gmgvSCk1VzKHI6iIjw_nQ>
Subject: [TLS] Warning alert before TLS 1.3 ServerHello
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2018 17:14:50 -0000

In one of our tests OpenSSL 1.1.1-dev sends an unrecognized_name warning alert before a TLS 1.3 (draft 26) ServerHello.  Alert level is supposed to be implicit in TLS 1.3, but in this case it is ambiguous.  Should it even be considered a “TLS 1.3 alert” given that it arrives before the protocol version is confirmed? 

TLS 1.3 draft section 6 states that "All the alerts listed in Section 6.2 MUST be sent with AlertLevel=fatal and MUST be treated as error alerts regardless of the AlertLevel in the message”.   Is the client supposed to remember that it received a warning level alert and terminate after parsing the ServerHello?