In one of our tests OpenSSL 1.1.1-dev sends an unrecognized_name warning alert before a TLS 1.3 (draft 26) ServerHello. Alert level is supposed to be implicit in TLS 1.3, but in this case it is ambiguous. Should it even be considered a “TLS 1.3 alert” given that it arrives before the protocol version is confirmed?
TLS 1.3 draft section 6 states that "All the alerts listed in Section 6.2 MUST be sent with AlertLevel=fatal and MUST be treated as error alerts regardless of the AlertLevel in the message". Is the client supposed to remember that it received a warning level alert and terminate after parsing the ServerHello?

—Roelof
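The deferred handling the message asks about, sketched as an added example that is not part of the original post and is not OpenSSL's or the draft's own logic. The `PendingAlerts` class, its return strings and the sample record are constructed for illustration, and treating every non-closure alert as an error alert is one reading of the quoted draft text, not an answer from the list.

```python
import struct

ALERT = 21                       # TLS record content type for alerts
WARNING, FATAL = 1, 2            # AlertLevel values
UNRECOGNIZED_NAME = 112          # AlertDescription from the post
CLOSURE_ALERTS = {0, 90}         # close_notify, user_canceled (closure alerts)
TLS12 = 0x0303
TLS13_DRAFT26 = 0x7F1A           # 0x7f00 | draft number 26

# Constructed sample: alert record, legacy version 0x0303, length 2,
# level=warning(1), description=unrecognized_name(112).
SAMPLE_RECORD = bytes.fromhex("15030300020170")


def parse_alert_record(record: bytes):
    """Return (level, description) from one plaintext alert record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _legacy_version, length = struct.unpack("!BHH", record[:5])
    body = record[5:5 + length]
    if ctype != ALERT or length != 2 or len(body) != 2:
        raise ValueError("not a well-formed alert record")
    return body[0], body[1]


class PendingAlerts:
    """Hypothetical client state: keep warning-level alerts seen before
    ServerHello and re-evaluate them once the version is known."""

    def __init__(self):
        self.pending = []

    def on_alert(self, level, description):
        if level == FATAL:
            return "abort"               # fatal in every TLS version
        self.pending.append((level, description))
        return "deferred"                # version not yet confirmed

    def on_server_hello(self, negotiated_version):
        if negotiated_version != TLS13_DRAFT26:
            return "continue"            # pre-1.3: warning level is honoured
        for _level, description in self.pending:
            if description not in CLOSURE_ALERTS:
                return "abort"           # 1.3 reading: error alert despite level
        return "continue"
```
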
