[gnutls-devel] GnuTLS | GnuTLS sends protocol_version alert when client message contains unrecognized version (#1230)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Tue May 11 19:05:24 CEST 2021

Hubert Kario (@mention me if you need reply) commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1230#note_572903471

Actually RFC 8446 is quite clear on this, see https://datatracker.ietf.org/doc/html/rfc8446#page-79:
   legacy_record_version:  MUST be set to 0x0303 for all records
      generated by a TLS 1.3 implementation other than an initial
      ClientHello (i.e., one not generated after a HelloRetryRequest),
      where it MAY also be 0x0301 for compatibility purposes.  This
      field is deprecated and MUST be ignored for all purposes.
      Previous versions of TLS would use other values in this field
      under some circumstances.

The key sentence being "MUST be ignored for all purposes".

As such, the message should be parsed by GnuTLS as well-formed Alert, but since the client MUST send ClientHello as the first message, the GnuTLS server should abort with `unexpected_message`.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1230#note_572903471
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20210511/bcd9924f/attachment-0001.html>

More information about the Gnutls-devel mailing list