On Mon, Feb 12, 2018 at 6:10 AM, Hubert Kario <hka...@redhat.com> wrote:
> Rules for CCS messages in record layer are missing, allowing in theory > sending > multiple CCS messages in a single record layer > > I've proposed a PR that requires the same kind of processing rules for CCS > and > Alert messages: https://github.com/tlswg/tls13-spec/pull/1146 - no > fragmentation and no coalescing. That automatically solves the empty CCS > record case. > https://tlswg.github.io/tls13-spec/draft-ietf-tls-tls13.html#record-protocol "An implementation may receive an unencrypted record of type change_cipher_spec consisting of the single byte value 0x01 at any time after the first ClientHello message has been sent or received and before the peer’s Finished message has been received and MUST simply drop it without further processing. Note that this record may appear at a point at the handshake where the implementation is expecting protected records and so it is necessary to detect this condition prior to attempting to deprotect the record. An implementation which receives any other change_cipher_spec value..." And of course Alert already has this rule: "Alert messages (Section 6 <https://tlswg.github.io/tls13-spec/draft-ietf-tls-tls13.html#alert-protocol>) MUST NOT be fragmented across records and multiple Alert messages MUST NOT be coalesced into a single TLSPlaintext record. In other words, a record with an Alert type MUST contain exactly one message." -Ekr > -- > Regards, > Hubert Kario > Senior Quality Engineer, QE BaseOS Security team > Web: www.cz.redhat.com > Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls > >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
