Open oweisse-msft opened 7 years ago
Not if you are using TLS 1.3.
This is another case where the server expects an encrypted message but gets a plaintext alert.
A decryption_failed_RESERVED
alert must never be sent in TLS 1.3 (we could send decrypt_error
instead), but really the server should parse and respond to plaintext alerts before receiving the client's Finished message.
Can you follow up on this, to make sure it is addressed during verification? If it is truly a bug in the TLS 1.3 codepath.
See also https://github.com/mitls/mitls-fstar/issues/176.
Is decryption_failed_RESERVED the right response to another alert?