Bug 1765753 Comment 0 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

- [S] upon receiving a ClientHello that only offers a legacy version not supported by NSS server. NSS sends a 'handshake failure'
  - RFC 8446, Appendix D.2
    > If the "supported_versions" extension is absent and the
    > server only supports versions greater than
    > ClientHello.legacy_version, the server MUST abort the handshake with
    > a "protocol_version" alert.

- [S] upon receiving a ClientHello with an EcPointFormats extension that only contains compressed or undefined point formats. NSS sends a 'handshake failure'
  - RFC 8422, Section 5.1.2: Supported Point Formats Extension
    > If the client sends the extension and the extension does not contain
    > the uncompressed point format, and the client has used the Supported
    > Groups extension to indicate support for any of the curves defined in
    > this specification, then the server MUST abort the handshake and
    > return an illegal_parameter alert.
  - NOTE: RFC 8422 is a specification for TLS 1.2 and earlier!

- [S] upon receiving a ClientHello that only offers a legacy version not supported by NSS server. NSS sends a 'handshake failure'
  - RFC 8446, Appendix D.2
    > If the "supported_versions" extension is absent and the
    > server only supports versions greater than
    > ClientHello.legacy_version, the server MUST abort the handshake with
    > a "protocol_version" alert.

- [S] upon receiving a ClientHello with an EcPointFormats extension that only contains compressed or undefined point formats. NSS sends a 'handshake failure'
  - RFC 8422, Section 5.1.2: Supported Point Formats Extension
    > If the client sends the extension and the extension does not contain
    > the uncompressed point format, and the client has used the Supported
    > Groups extension to indicate support for any of the curves defined in
    > this specification, then the server MUST abort the handshake and
    > return an illegal_parameter alert.
  - NOTE: RFC 8422 is a specification for TLS 1.2 and earlier!

Bugs originally reported in [Bug 1714579](https://bugzilla.mozilla.org/show_bug.cgi?id=1714579).

- [S] upon receiving a ClientHello that only offers a legacy version not supported by NSS server. NSS sends a 'handshake failure'
  - RFC 8446, Appendix D.2
    > If the "supported_versions" extension is absent and the
    > server only supports versions greater than
    > ClientHello.legacy_version, the server MUST abort the handshake with
    > a "protocol_version" alert.

- [S] upon receiving a ClientHello with an EcPointFormats extension that only contains compressed or undefined point formats. NSS sends a 'handshake failure'
  - RFC 8422, Section 5.1.2: Supported Point Formats Extension
    > If the client sends the extension and the extension does not contain
    > the uncompressed point format, and the client has used the Supported
    > Groups extension to indicate support for any of the curves defined in
    > this specification, then the server MUST abort the handshake and
    > return an illegal_parameter alert.
  - NOTE: RFC 8422 is a specification for TLS 1.2 and earlier!

- [C] NSS does not accept an invalid legacy version (such as 0x0304 and 0x0505) set in the ServerHello when TLS 1.3 is negotiated
  - RFC8446, Section 4.2.1 does specify only that the ServerHello.legacy_version MUST be set to 0x303 (TLS 1.2) but does not state that the client needs to check this or the connection needs to be terminated/alerts to be sent.

Bugs originally reported in [Bug 1714579](https://bugzilla.mozilla.org/show_bug.cgi?id=1714579).
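
As an added illustration (not NSS code and not part of the original comment), the two server-side [S] rules quoted above can be written as a C check over a ClientHello's raw extension block. `required_alert`, its parameters and the sample byte strings are hypothetical and constructed for this example; the point-format rule is applied as RFC 8422 states it, which the comment notes covers TLS 1.2 and earlier.

```c
#include <stddef.h>
#include <stdint.h>

/* Alert and extension code points (RFC 8446, RFC 8422). */
enum { ALERT_NONE = 0, ALERT_ILLEGAL_PARAMETER = 47, ALERT_DECODE_ERROR = 50, ALERT_PROTOCOL_VERSION = 70 };
enum { EXT_SUPPORTED_GROUPS = 10, EXT_EC_POINT_FORMATS = 11, EXT_SUPPORTED_VERSIONS = 43 };

/* Constructed samples: raw extension blocks, outer 2-byte length omitted. */
const uint8_t SAMPLE_COMPRESSED_ONLY[] = {
    0x00, 0x0a, 0x00, 0x04, 0x00, 0x02, 0x00, 0x17, /* supported_groups: secp256r1 */
    0x00, 0x0b, 0x00, 0x02, 0x01, 0x01 };           /* ec_point_formats: compressed_prime */
const uint8_t SAMPLE_UNCOMPRESSED[] = {
    0x00, 0x0a, 0x00, 0x04, 0x00, 0x02, 0x00, 0x17, /* supported_groups: secp256r1 */
    0x00, 0x0b, 0x00, 0x02, 0x01, 0x00 };           /* ec_point_formats: uncompressed */

static int is_rfc8422_group(uint16_t g) /* secp256r1/384r1/521r1, x25519, x448 */
{ return (g >= 23 && g <= 25) || g == 29 || g == 30; }

/* Hypothetical helper: returns the alert the quoted RFC text requires, or ALERT_NONE.
 * Version rule: RFC 8446, Appendix D.2. Point-format rule: RFC 8422, Section 5.1.2,
 * assuming the server is negotiating TLS 1.2 or earlier. */
int required_alert(uint16_t legacy_version, uint16_t server_min_version,
                   const uint8_t *ext, size_t len)
{
    int has_versions = 0, ecc_groups = 0, has_formats = 0, uncompressed = 0;
    size_t off = 0;
    while (off < len) {
        if (len - off < 4) return ALERT_DECODE_ERROR;   /* truncated extension header */
        uint16_t type = (uint16_t)((ext[off] << 8) | ext[off + 1]);
        size_t elen = (size_t)((ext[off + 2] << 8) | ext[off + 3]);
        const uint8_t *b = ext + off + 4;
        if (elen > len - off - 4) return ALERT_DECODE_ERROR; /* body runs past the block */
        if (type == EXT_SUPPORTED_VERSIONS) has_versions = 1;
        else if (type == EXT_SUPPORTED_GROUPS) {        /* 2-byte list length, 2-byte entries */
            if (elen < 4 || (elen & 1) || (size_t)((b[0] << 8) | b[1]) != elen - 2)
                return ALERT_DECODE_ERROR;
            for (size_t i = 2; i < elen; i += 2)
                if (is_rfc8422_group((uint16_t)((b[i] << 8) | b[i + 1]))) ecc_groups = 1;
        } else if (type == EXT_EC_POINT_FORMATS) {      /* 1-byte list length, 1-byte entries */
            if (elen < 2 || (size_t)b[0] != elen - 1) return ALERT_DECODE_ERROR;
            has_formats = 1;
            for (size_t i = 1; i < elen; i++)
                if (b[i] == 0) uncompressed = 1;        /* 0 = uncompressed */
        }
        off += 4 + elen;
    }
    if (!has_versions && legacy_version < server_min_version) return ALERT_PROTOCOL_VERSION;
    if (has_formats && ecc_groups && !uncompressed) return ALERT_ILLEGAL_PARAMETER;
    return ALERT_NONE;
}
```

A conformance test for the behaviour reported here would compare the alert a server actually sends against this function's return value for the same ClientHello.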
