[gnutls-devel] GnuTLS | Fix interleaved handshake handling in TLS 1.3 (!708)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Wed Aug 1 14:04:49 CEST 2018
Daiki Ueno commented on a discussion on lib/record.c:
> record_check_version(session, htype, record->version)) < 0)
> return gnutls_assert_val(ret);
>
> - if (record->length == 0 || record->length > max_record_recv_size(session)) {
> + /* Checks for empty records are done after decryption, in
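Review bot: the removed condition on the "-" line tested two things, record->length == 0 and record->length > max_record_recv_size(session), while the replacement comment only accounts for the empty-record half. The quoted lines do not show where the upper-bound test went; please confirm that oversized records are still rejected here, before decryption, and that only the zero-length test has moved.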
That is to distinguish the following cases:
- an empty Handshake message follows an incomplete Handshake message
- an empty Application Data message follows an incomplete Handshake message.
Both cases are errors, but the latter should send an unexpected_message alert. Note that under TLS 1.3, all encrypted records have the Application Data content type, and it is not possible to determine the actual content type at this point.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/708#note_91815421
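
The distinction described in the comment above, as an added example (not GnuTLS code and not part of the original message): once a TLS 1.3 record is decrypted, the real content type is the last non-zero octet of the plaintext, and only then can the two empty-record cases be told apart. The function name, the hs_incomplete flag, the verdict names and the sample bytes are assumptions made for illustration; the example goes slightly beyond the message by treating any non-Handshake type inside a split Handshake message like the Application Data case and by rejecting all-zero plaintext.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { CT_HANDSHAKE = 22, CT_APPLICATION_DATA = 23 };

typedef enum {
    REC_OK,
    REC_ERR_NO_CONTENT_TYPE, /* decrypted plaintext is all zeros */
    REC_ERR_EMPTY_HANDSHAKE, /* zero-length Handshake fragment */
    /* Another type inside a split Handshake message; for Application Data
     * the message above says the alert is unexpected_message. */
    REC_ERR_INTERLEAVED
} rec_verdict;

/* Constructed decrypted TLSInnerPlaintext samples: content || type || zeros.
 * On the wire both empty records carry outer type 23 and a non-zero length. */
static const uint8_t empty_appdata[]   = { 0x17 };
static const uint8_t empty_handshake[] = { 0x16, 0x00, 0x00 };
static const uint8_t hs_fragment[]     = { 0xab, 0xcd, 0x16 };
static const uint8_t all_padding[]     = { 0x00, 0x00 };

/* hs_incomplete: non-zero while a Handshake message is only partly
 * buffered (hypothetical parameter for this example). */
rec_verdict classify_decrypted(const uint8_t *pt, size_t len, int hs_incomplete)
{
    /* Strip padding from the end; the last non-zero octet is the real type. */
    while (len > 0 && pt[len - 1] == 0)
        len--;
    if (len == 0)
        return REC_ERR_NO_CONTENT_TYPE;

    uint8_t type = pt[len - 1];
    size_t content_len = len - 1;
    if (hs_incomplete && type != CT_HANDSHAKE)
        return REC_ERR_INTERLEAVED;
    if (type == CT_HANDSHAKE && content_len == 0)
        return REC_ERR_EMPTY_HANDSHAKE;
    return REC_OK;
}

int main(void)
{
    printf("%d %d %d %d\n",
           classify_decrypted(empty_handshake, sizeof empty_handshake, 1),
           classify_decrypted(empty_appdata, sizeof empty_appdata, 1),
           classify_decrypted(hs_fragment, sizeof hs_fragment, 1),
           classify_decrypted(all_padding, sizeof all_padding, 1));
    return 0;
}
```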