Closed Bug 1339418 Opened 7 years ago Closed 7 years ago

Reject ALPN response selecting a protocol we didn't advertise

Categories

(NSS :: Test, defect)

Product:
NSS
Component:
Test
Version:
3.31
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: ttaubert, Assigned: mt)

References

Details

BoGo tests ALPNClient-Mismatch-TLS1*.
And so that we don't lose the comment I made about this test case and TLS 1.3...

Tim asked if we plan to fix the alerting issue that means that this is still disabled for TLS 1.3.

I don't plan to. There is some disagreement about how to implement the protocol here. Boring changes to writing with handshake traffic keys when it is reading messages encrypted under handshake traffic keys. But that isn't compatible with our position on 0-RTT, where we delay a cipher spec changeover until we have the entire server handshake. If we want to preserve our performance advantage (i.e., sending 0-RTT for as long as necessary), then it's quite complicated to "fix" this.

Also, alerts are most useful when they can be used for debugging purposes and having them in the clear is good for that. You might disagree on the basis that we are leaking information, but we shouldn't be sending these alerts anyway. We're only sending them to a broken server AND the handshake isn't complete, so we can't even be sure that it's the real server.

https://hg.mozilla.org/projects/nss/rev/fa7e3e2a524c4e03e1ea5dc4e5b18db19c778e8c
Assignee: nobody → martin.thomson
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Version: trunk → 3.31
You need to log in before you can comment on or make changes to this bug.