illegal_parameter vs protocol_version

tlswg / tls13-spec

TLS 1.3 Specification

565 stars 157 forks source link

illegal_parameter vs protocol_version #1339

Closed kazu-yamamoto closed 6 months ago

kazu-yamamoto commented 7 months ago

Sec 4.1.2. say:

A server which receives a legacy_version value not equal to 0x0303 MUST abort the handshake with an "illegal_parameter" alert.

Why isn't "protocol_version" used?

davidben commented 7 months ago

protocol_version is defined as:

protocol_version: The protocol version the peer has attempted to negotiate is recognized but not supported (see Appendix D).

The wrong value in legacy_version isn't negotiating the wrong version. It's just a syntax error.

kazu-yamamoto commented 7 months ago

But E.2. says:

If the "supported_versions" extension is absent and the server only supports versions greater than ClientHello.legacy_version, the server MUST abort the handshake with a "protocol_version" alert.

In this case, "protocol_version" is used. For simplicity, I would like to recommend "protocol_version" for the case above, too.

ekr commented 6 months ago

Absent more support, I propose to leave this as-is. At worst it's a judgement call and not an interop problem, and so I think out of scope for the 8446-bis effort. Target date: 2/29.