Commit 5e76c66
committed
F-5818: don't invalidate the session on an unauthenticated alert
DoAlert evicted the cached session from the fatal-alert handling that runs
before the plaintext-under-encryption validation, so a forged TLS 1.3
plaintext alert injected on an established connection evicted the session
(forcing a full handshake on reconnect) even though the alert is then
rejected as PARSE_ERROR. The unexpected_message teardown sent in response
also evicted through the SendAlert hook.
Move the receive-side eviction past the validation, into the branch that
processes a genuine alert, and have InvalidateSessionOnFatalAlert refuse to
evict for a TLS 1.3 plaintext alert received while encryption is on (the
current record was not decrypted) - covering both the receive path and the
unexpected_message teardown sent in response. RFC 8446 6.2 does not require
TLS 1.3 invalidation, so this loses nothing; TLS 1.2 (RFC 5246 7.2.2) is
unaffected.1 parent 2352d73 commit 5e76c66
1 file changed
Lines changed: 17 additions & 9 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
22527 | 22527 | | |
22528 | 22528 | | |
22529 | 22529 | | |
| 22530 | + | |
| 22531 | + | |
| 22532 | + | |
| 22533 | + | |
| 22534 | + | |
| 22535 | + | |
| 22536 | + | |
| 22537 | + | |
22530 | 22538 | | |
22531 | 22539 | | |
22532 | 22540 | | |
| |||
22593 | 22601 | | |
22594 | 22602 | | |
22595 | 22603 | | |
22596 | | - | |
22597 | | - | |
22598 | | - | |
22599 | | - | |
22600 | | - | |
22601 | | - | |
22602 | | - | |
22603 | | - | |
22604 | | - | |
22605 | 22604 | | |
22606 | 22605 | | |
22607 | 22606 | | |
| |||
22646 | 22645 | | |
22647 | 22646 | | |
22648 | 22647 | | |
| 22648 | + | |
| 22649 | + | |
| 22650 | + | |
| 22651 | + | |
| 22652 | + | |
| 22653 | + | |
| 22654 | + | |
| 22655 | + | |
| 22656 | + | |
22649 | 22657 | | |
22650 | 22658 | | |
22651 | 22659 | | |
| |||
0 commit comments