But it actually sends an SH? That seems odd and kind of an ambiguous point in the spec.
-Ekr On Wed, May 9, 2018 at 10:14 AM, Roelof duToit <r@nerd.ninja> wrote: > In one of our tests OpenSSL 1.1.1-dev sends an unrecognized_name warning > alert before a TLS 1.3 (draft 26) ServerHello. Alert level is supposed to > be implicit in TLS 1.3, but in this case it is ambiguous. Should it even > be considered a “TLS 1.3 alert” given that it arrives before the protocol > version is confirmed? > > TLS 1.3 draft section 6 states that "All the alerts listed in Section 6.2 > MUST be sent with AlertLevel=fatal and MUST be treated as error alerts > regardless of the AlertLevel in the message”. Is the client supposed to > remember that it received a warning level alert and terminate after parsing > the ServerHello? > > —Roelof > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls