Use a reasonable record version for close_notify sent before version negotiation #1734

raycoll · 2020-04-03T02:54:53Z

Problem:

If an application acting as a server calls s2n_shutdown before it receives a complete ClientHello handshake message from the client, s2n will send a close_notify alert record with record version 0x00, 0x00. Receivers are unlikely to handle to handle this record correctly and may mischaractize the reason for connection closure(Closure exception vs parsing exception).

Proposed Solution:

Pick a default record version for records sent before versions are negotiated. Since TLS 1.3 freezes record version to be 0x0303, I recommend using that.

The text was updated successfully, but these errors were encountered:

raycoll · 2020-04-03T02:56:06Z

one could argue that an application shouldn't call s2n_shutdown before version negotiation is complete, however the spec is not clear here

raycoll changed the title ~~Use a reasonable record version for close_notify sent before ClientHello~~ Use a reasonable record version for close_notify sent before version negotiation Apr 3, 2020

zaherd assigned lrstewart Nov 7, 2022

lrstewart mentioned this issue Jan 5, 2023

Ensure non-zero record protocol version #3744

Merged

lrstewart closed this as completed in #3744 Jan 5, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Use a reasonable record version for close_notify sent before version negotiation #1734

Use a reasonable record version for close_notify sent before version negotiation #1734

raycoll commented Apr 3, 2020

raycoll commented Apr 3, 2020

Use a reasonable record version for close_notify sent before version negotiation #1734

Use a reasonable record version for close_notify sent before version negotiation #1734

Comments

raycoll commented Apr 3, 2020

Problem:

Proposed Solution:

raycoll commented Apr 3, 2020