(was Re: [TLS] PR#625: Change alert requirements)
Digging up an old sub-thread...
On 09/20/2016 08:03 AM, Eric Rescorla wrote:
>
> in Record Layer there's the following text:
>
> legacy_record_version : This value MUST be set to { 3, 1 } for all
> records. This field is deprecated and MUST be ignored for all
> purposes.
>
> in Record Layer Protection there's the following text:
>
> legacy_record_version : The legacy_record_version field is
> identical to
> TLSPlaintext.legacy_record_version and is always { 3, 1 }.
> Note that the
> handshake protocol including the ClientHello and ServerHello
> messages
> authenticates the protocol version, so this value is redundant.
>
> which doesn't say if the version can be ignored completely
> (skipped while
> parsing) or if it should be verified.
>
>
> These are different fields.
>
There's still the question of whether the receiver should enforce 0x0301
in either/both cases.
OpenSSL is implementing and seems to be reading the spec that it MUST be
ignored (even though I guess strictly speaking that MUST only applies
before record protection is engaged); if I'm doing my code survey
correctly, Mint and NSS always enforce, and Boring only checks the first
octet.
Is there a reason to not do strict enforcement?
-Ben
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
