This repository was archived by the owner on Feb 12, 2025. It is now read-only.

miTLS server responds to bad_certificate alert with encrypted alert of decryption_failed_RESERVED #177

Open
oweisse-msft opened this issue Jul 19, 2017 · 3 comments

@oweisse-msft

See also #176.

Is decryption_failed_RESERVED the right response to another alert?

@beurdouche
Member

Not if you are using TLS 1.3.

@s-zanella
Contributor

This is another case where the server expects an encrypted message but gets a plaintext alert.
A decryption_failed_RESERVED alert must never be sent in TLS 1.3 (we could send decrypt_error instead), but really the server should parse and respond to plaintext alerts before receiving the client's Finished message.
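
The record-layer dispatch described in the comment above, as an added example that is not part of the original thread and is not miTLS code: the outer content type is checked before any decryption, so a plaintext alert arriving where an encrypted Finished is expected is parsed rather than fed to the AEAD. `classify_record`, the action names, the choice of `decode_error` for a malformed alert, and the sample records are assumptions made for illustration.

```python
import struct

# ContentType and AlertDescription values from RFC 8446.
CT_CHANGE_CIPHER_SPEC, CT_ALERT, CT_APPLICATION_DATA = 20, 21, 23
ALERTS = {10: "unexpected_message", 20: "bad_record_mac",
          21: "decryption_failed_RESERVED", 42: "bad_certificate",
          50: "decode_error", 51: "decrypt_error"}

# Constructed sample records (not captured traffic).
PLAINTEXT_BAD_CERT = bytes.fromhex("1503030002022a")       # fatal(2), bad_certificate(42)
PROTECTED_RECORD = bytes.fromhex("1703030013") + bytes(19)  # opaque_type 23, 19-byte body


def classify_record(record: bytes):
    """Route one record received while the server awaits the client's Finished.

    Hypothetical helper: returns (action, detail) without touching any keys.
    """
    if len(record) < 5:
        return ("need_more_data", None)
    ctype, _legacy_version, length = struct.unpack("!BHH", record[:5])
    body = record[5:5 + length]
    if len(body) < length:
        return ("need_more_data", None)

    if ctype == CT_ALERT:
        # Outer type 21 means the record is not protected: parse it as a
        # plaintext alert instead of handing it to the AEAD.
        if length != 2:
            return ("send_alert", "decode_error")  # assumption: malformed alert
        _level, description = body
        # The alert is unauthenticated, so the only action taken is to close.
        return ("close_on_peer_alert", ALERTS.get(description, f"alert_{description}"))
    if ctype == CT_CHANGE_CIPHER_SPEC and body == b"\x01":
        return ("ignore", None)  # middlebox-compatibility CCS (RFC 8446, section 5)
    if ctype == CT_APPLICATION_DATA:
        # Protected records always carry outer type 23; only these are decrypted.
        return ("decrypt", body)
    return ("send_alert", "unexpected_message")
```
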

@BarryBo

BarryBo commented Jun 1, 2018

Can you follow up on this, to make sure it is addressed during verification, if it is truly a bug in the TLS 1.3 codepath?
