Closed Bug 1294978 Opened 8 years ago Closed 3 years ago

TLS 1.3: Needs to error on over-long records

Categories

(NSS :: Libraries, defect, P3)

Product:
NSS
Component:
Libraries
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: ekr, Assigned: leander.schwarz)

References

Details

Attachments

(1 file)

Bug 1294978 - Reworked overlong record size checks and added TLS1.3 specific boundaries. r?djackson
48 bytes, text/x-phabricator-request
Details | Review
Currently we allow them
Priority: -- → P3
Attachment #9263464 - Attachment description: Bug 1294978 - Added TLS1.3 specific over-long record/ciphertext detection. r=djackson → Bug 1294978 - Added TLS1.3 specific over-long record/ciphertext detection. r?djackson
Attachment #9263464 - Attachment description: Bug 1294978 - Added TLS1.3 specific over-long record/ciphertext detection. r?djackson → Bug 1294978 - Reworked overlong record size checks and added TLS1.3 specific boundaries. r?djackson
Blocks: 571732
Assignee: nobody → lschwarz

D138529 adds RFC 8446 / TLS 1.3 compliant overlong record or record size checks and the specified alerts. DTLS record layer errors/alerts are dropped as specified in RFC 6347.

https://hg.mozilla.org/projects/nss/rev/f4d2f39068002a69fb0fd98863fc65ff7236b33b

Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: