On Wed, Jul 22, 2015 at 9:39 PM, Dave Garrett <[email protected]> wrote:
> Hubert Kairo found quite a few more spots in need of explicit error
> designations, which have been amended into PR #201.
> https://github.com/tlswg/tls13-spec/pull/201
>
> I just noticed one error in the current draft text that was wrong and added a
> fix for that as well. The Server Hello section said that lack of acceptable
> group would result in an "insufficient_security" error, which is incorrect.
> That error is clearly defined to be for lack of acceptable cipher suite. The
> Negotiated Groups section says lack of acceptable group is a
> “handshake_failure” error. I changed the text to state the error for suites,
> as the other is already noted elsewhere. (this change is now in PR #201) This
> brings up a problem, however: there is no distinct error for lack of group
> support. The “handshake_failure” is a bit of a catchall, so there's no way
> for a client to really know what's wrong if this happens. This is also why I
> don't want to change the definition of the "insufficient_security" error.
> Clients rely on these being relatively precise in order to show error
> messages that are hopefully meaningful enough to get them fixed. As such, I'd
> like to propose adding a new error just for this and renaming the old one to
> focus precisely on its long defined meaning. While we're at it, a failure of
> client authentication doesn't have its own error alert code either.
>
> enum {
>     handshake_failure(40),
>     unsupported_cipher_suites(71),  /* formerly insufficient_security */
>     unsupported_dh_groups(72),  /* new */
>     client_authentication_failure(73),  /* new */
>     (255)
> } AlertDescription;
>
> Pretty straightforward. Are there any other errors that can't be clearly
> identified by the returned code? Debugging shouldn't be guesswork. ;)
>

Alert 40 shows up frequently in my debugging experiences. A few things can
cause it. It would be nice to see that one broken out.
Jeff
