You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Upon receipt of a HelloRetryRequest, the client MUST check the legacy_version, legacy_session_id_echo, cipher_suite, and legacy_compression_method as specified in Section 4.1.3
but
Section 4.1.3 defines no checks for legacy_version nor legacy_compression_method
Specifically, we have (RFC8446)
...the legacy_version field MUST be set to 0x0303...
and
legacy_compression_method: A single byte which MUST have the value 0.
neither of which are checks, whereas
A client which receives a legacy_session_id_echo field that does not match what it sent in the ClientHello MUST abort the handshake with an "illegal_parameter" alert.
and
A client which receives a cipher suite that was not offered MUST abort the handshake with an "illegal_parameter" alert.
i.e, clients perform checks on legacy_session_id_echo and illegal_parameter, but not legacy_version nor legacy_compression_method. Either (1) wording in Section 4.1.4 should state checks if needed, (2) revise Section 4.1.4 as follows "Upon receipt of a HelloRetryRequest, the client MUST check the legacy_session_id_echo and cipher_suite as specified in Section 4.1.3." or (3) I've misunderstood.
The text was updated successfully, but these errors were encountered:
Errata 6136
but
Specifically, we have (RFC8446)
and
neither of which are checks, whereas
and
i.e, clients perform checks on legacy_session_id_echo and illegal_parameter, but not legacy_version nor legacy_compression_method. Either (1) wording in Section 4.1.4 should state checks if needed, (2) revise Section 4.1.4 as follows "Upon receipt of a HelloRetryRequest, the client MUST check the legacy_session_id_echo and cipher_suite as specified in Section 4.1.3." or (3) I've misunderstood.
The text was updated successfully, but these errors were encountered: