On Mon, Feb 12, 2018 at 6:10 AM, Hubert Kario <hka...@redhat.com> wrote:

> Rules for CCS messages in record layer are missing, allowing in theory
> sending
> multiple CCS messages in a single record layer
> I've proposed a PR that requires the same kind of processing rules for CCS
> and
> Alert messages: https://github.com/tlswg/tls13-spec/pull/1146 - no
> fragmentation and no coalescing. That automatically solves the empty CCS
> record case.


"An implementation may receive an unencrypted record of type
change_cipher_spec consisting of the single byte value 0x01 at any time
after the first ClientHello message has been sent or received and before
the peer’s Finished message has been received and MUST simply drop it
without further processing. Note that this record may appear at a point at
the handshake where the implementation is expecting protected records and
so it is necessary to detect this condition prior to attempting to
deprotect the record. An implementation which receives any other
change_cipher_spec value..."

And of course Alert already has this rule:
"Alert messages (Section 6
MUST NOT be fragmented across records and multiple Alert messages MUST NOT
be coalesced into a single TLSPlaintext record. In other words, a record
with an Alert type MUST contain exactly one message."


> --
> Regards,
> Hubert Kario
> Senior Quality Engineer, QE BaseOS Security team
> Web: www.cz.redhat.com
> Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
TLS mailing list

Reply via email to