Bug 1274801

TLS 1.3: Generate right alert for records with no content type

NEW

Unassigned

Get help with this page

Status

Product:

Component:

Importance:

normal

Status:

NEW

Reported:

2 years ago

Modified:

a year ago

People

(Reporter: ekr, Unassigned)

Tracking

Version:

3.18

Target:

---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

wip 2 years ago Franziskus Kiefer [:fkiefer or :franziskus] 2.20 KB, patch		Details \| Diff \| Splinter Review

Eric Rescorla (:ekr)

(Reporter)

Description

•

2 years ago

The spec says:

Implementations MUST limit their scanning to the cleartext returned
from the AEAD decryption.  If a receiving implementation does not find
a non-zero octet in the cleartext, it should treat the record as
having an unexpected ContentType, sending an "unexpected_message"
alert.


But we use bad_record_mac

Franziskus Kiefer [:fkiefer or :franziskus]

Comment 1

•

2 years ago

Created attachment 8760607 [details] [diff] [review]
wip

Tim Taubert [:ttaubert] (inactive)

Updated

•

a year ago

Priority: -- → P3

You need to log in before you can comment on or make changes to this bug.

Bugzilla

TLS 1.3: Generate right alert for records with no content type

Status

People

(Reporter: ekr, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Security

(public)

User Story

Attachments

(1 attachment)

Description

Comment 1

Updated