On Tuesday, 24 October 2017 02:42:01 CET Andrei Popov wrote: > Draft-21 says: > "Handshake messages MUST NOT span key changes. Implementations > MUST verify that all messages immediately preceding a key change > align with a record boundary; if not, then they MUST terminate the > connection with an "unexpected_message" alert. Because the > ClientHello, EndOfEarlyData, ServerHello, Finished, and KeyUpdate > messages can immediately precede a key change, implementations > MUST send these messages in alignment with a record boundary." > > It is not clear to me what "sending messages in alignment with a record > boundary" means.
Reminder: a single record layer message can include multiple handshake messages. In particular, it can include only a part of a single message (beginning, middle or end). To answer the question: it means that the last record message with handshake message content must have included the end part of that handshake message and first byte of a "key change" message needs to be the first byte of a record message. Note that this is a change from TLS1.2 where for renegotiation, the application data could continue to be transmitted during the handshake and be interspaced with handshake messages, and the handshake messages could be fragmented. > Does it mean that each record is either all plaintext or > all encrypted with key X? > > And therefore one cannot combine, e.g., > ServerHello (plaintext) and EncryptedExtensions (encrypted with the > handshake traffic key) messages in one record? given that it's the record layer that is encryped, not the handshake message, I'm not sure how would you put an unencrypted and encrypted handshake message into a single record... -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
