Wrong alert returned when client doesn't provide "signature_algorithms"

cloudflare / tls-tris

crypto/tls, now with 100% more 1.3. THE API IS NOT STABLE AND DOCUMENTATION IS NOT GUARANTEED.

Other

291 stars 51 forks source link

Wrong alert returned when client doesn't provide "signature_algorithms" #100

Open kriskwiatkowski opened 6 years ago

kriskwiatkowski commented 6 years ago

Draft of TLS 1.3 says in 4.2.3:

If a server is authenticating via a
   certificate and the client has not sent a "signature_algorithms"
   extension, then the server MUST abort the handshake with a
   "missing_extension" alert (see Section 9.2).

Currently code doesn't send this code as "missing_extension" alert is not even on a list of alerts