On Thu, Nov 5, 2015 at 2:27 AM, Ilari Liusvaara <ilariliusva...@welho.com> wrote:
> I thought of following scenario:
>
> Client: ClientHello+0RTT
> Server: 0RTT rejected. Fallback to 1RTT.
> Server: (Drains 0-RTT records)
> Client: Finished (corrupted in transit)
> Client: Appdata (request for something)
> Server: (Drains corrupt finished as 0-RTT record)
> Server: (Drains appdata as 0-RTT record)
> Client: (Waiting for response from server, handshake finished)
> Server: (Waiting for Client Finished, handshake in progress)
> *Deadlock?*
>
>
> Can this actually happen? Or is it considered "too unlikely"?
>

Yes, this can happen, but there are much simpler deadlock scenarios in TLS
if you allow for data corruption. Consider what happens if the client sends
a ClientHello and the length bytes get changed from 128 to 129. The server
will just sit there waiting for the rest.

-Ekr

> -Ilari
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
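Added example, not part of the original messages and not code from any TLS implementation: a small Python model of the exchange quoted above, in which a server that has rejected 0-RTT discards every record that fails to deprotect under the handshake key. The record labels, state names and the skip_budget parameter (a cap on discarded records) are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Record:
    label: str
    key: str             # key protecting the record: "early", "handshake" or "app"
    intact: bool = True  # False models corruption in transit

def server_after_reject(records, skip_budget=None):
    """Server side after rejecting 0-RTT. Returns (state, drained_labels)."""
    drained = []
    for rec in records:
        # In this model the only record sent under the handshake key is Finished.
        if rec.key == "handshake" and rec.intact:
            return "connected", drained
        # A record that fails to deprotect looks exactly like 0-RTT data,
        # so a corrupted Finished and the following Appdata are both dropped.
        drained.append(rec.label)
        if skip_budget is not None and len(drained) > skip_budget:
            return "aborted", drained  # hypothetical cap: fail instead of waiting
    return "waiting_for_finished", drained

def is_deadlocked(client_state, server_state):
    # Each peer is blocked on the other and nothing is left in flight.
    return (client_state == "waiting_for_response"
            and server_state == "waiting_for_finished")

def run(corrupt_finished, skip_budget=None):
    # Constructed client flight matching the scenario in the thread.
    flight = [
        Record("0RTT-data", "early"),
        Record("Finished", "handshake", intact=not corrupt_finished),
        Record("Appdata", "app"),
    ]
    server_state, drained = server_after_reject(flight, skip_budget)
    # The client treats the handshake as finished once it has sent Finished.
    client_state = "waiting_for_response"
    return server_state, drained, is_deadlocked(client_state, server_state)

if __name__ == "__main__":
    for args in [(False,), (True,), (True, 2)]:
        print(args, run(*args))
```

With a flight this short a cap only helps if it is smaller than the number of discarded records; otherwise the server leaves the wait only through a handshake timeout, which is also the only exit from the truncated-length case in the reply.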