
I have a question regarding the handshake message length.

The 'decode_error' alert in TLS 1.2 is defined as:

   decode_error
      A message could not be decoded because some field was out of the
      specified range or the length of the message was incorrect. (...)

It says that the message "could not be decoded". What should happen
if the specified message length is longer than needed? I.e. the message
was successfully decoded, but the length of the message was incorrect:
there is still some unknown data after the defined structure.

For example, a Finished message has a length of 40 bytes,
but the 'verify_data' array has 32 bytes and there are 8 unknown bytes
remaining in the received message. The 40 bytes I talk about here
is the length specified in the Handshake message header.

Is this also a fatal error?
Should the implementation just drop those bytes and proceed?

On the other hand, there is the 'illegal_parameter' alert:

   illegal_parameter
      A field in the handshake was out of range or inconsistent with
      other fields.  This message is always fatal.

Is this alert suitable for the described scenario?

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
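As an added illustration of the distinction the question turns on (not code from the list or from any TLS implementation), here is a strict parser for the Handshake header and the Finished body. It separates the two kinds of extra bytes: data beyond the declared length belongs to the next message in the record and is fine, while data inside the declared length that the structure does not consume is a length mismatch and gets decode_error (50). The verify_data length is a parameter because the 32-byte value in the question is an assumption; TLS 1.2 defaults to 12.

```python
# Alert descriptions from RFC 5246, Section 7.2; HandshakeType value for Finished.
UNEXPECTED_MESSAGE = 10
DECODE_ERROR = 50
HANDSHAKE_FINISHED = 20

class TLSAlert(Exception):
    """Raised where a strict parser would send a fatal alert to the peer."""
    def __init__(self, description, reason):
        super().__init__(f"alert {description}: {reason}")
        self.description = description

def parse_handshake_header(data):
    """Split the 4-byte header (msg_type, uint24 length) from the body.
    Returns (msg_type, body, rest); `rest` lies beyond the declared length and
    belongs to the next handshake message, so it is not an error here."""
    if len(data) < 4:
        raise TLSAlert(DECODE_ERROR, "handshake header truncated")
    msg_type, length = data[0], int.from_bytes(data[1:4], "big")
    if len(data) - 4 < length:
        raise TLSAlert(DECODE_ERROR, f"declared {length} bytes, {len(data) - 4} present")
    return msg_type, data[4:4 + length], data[4 + length:]

def parse_finished(body, verify_data_len):
    """Decode a Finished body: exactly opaque verify_data[verify_data_len]
    (12 bytes in TLS 1.2 unless the cipher suite says otherwise; 32 as in the question)."""
    if len(body) < verify_data_len:
        raise TLSAlert(DECODE_ERROR, f"need {verify_data_len} bytes, body has {len(body)}")
    trailing = len(body) - verify_data_len
    if trailing:
        # The structure itself decoded, but the declared length did not match it:
        # report the length mismatch instead of silently dropping the bytes.
        raise TLSAlert(DECODE_ERROR, f"{trailing} unexpected bytes after verify_data")
    return body[:verify_data_len]

def check_finished(data, verify_data_len=32):
    """Return ("ok", verify_data) or ("alert", description) for a Finished message."""
    try:
        msg_type, body, _rest = parse_handshake_header(data)
        if msg_type != HANDSHAKE_FINISHED:
            raise TLSAlert(UNEXPECTED_MESSAGE, f"expected Finished, got type {msg_type}")
        return "ok", parse_finished(body, verify_data_len)
    except TLSAlert as alert:
        return "alert", alert.description

# Constructed samples: a well-formed Finished with 32 bytes of verify_data, and the
# case from the question: header length 40, 32 bytes of verify_data, 8 bytes left over.
VERIFY_DATA = bytes(range(32))
GOOD = bytes([HANDSHAKE_FINISHED]) + (32).to_bytes(3, "big") + VERIFY_DATA
OVERLONG = bytes([HANDSHAKE_FINISHED]) + (40).to_bytes(3, "big") + VERIFY_DATA + bytes(8)
```

Running `check_finished(OVERLONG)` yields the decode_error path, while `check_finished(GOOD + b"\x0b")` still succeeds because the extra byte sits outside the declared length.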