errata logo graphic

Found 2 records.

Status: Reported (1)

RFC2246, "The TLS Protocol Version 1.0", January 1999

Note: This RFC has been obsoleted by RFC4346

Source of RFC: tls (sec)

Errata ID: 3481

Status: Reported
Type: Technical

Reported By: Martin Rex
Date Reported: 2013-02-08

Section 8.1.2 says:

8.1.2. Diffie-Hellman

   A conventional Diffie-Hellman computation is performed. The
   negotiated key (Z) is used as the pre_master_secret, and is converted
   into the master_secret, as specified above.

It should say:

8.1.2. Diffie-Hellman

   A conventional Diffie-Hellman computation is performed.  The
   negotiated key (Z) is used as the pre_master_secret, and is converted
   into the master_secret, as specified above.  Leading bytes of Z that
   contain all zero bits are stripped before it is used as the
   pre_master_secret.

Notes:

Adopting the clarification from rfc4346 Section 8.1.2. Not stripping the leading zero bits of Z will cause interop problems (handshake failures) with the installed base. Rfc2246 is still the authoritative spec for TLSv1.0. One can not implement TLSv1.0 from rfc4346.


Status: Held for Document Update (1)

RFC2246, "The TLS Protocol Version 1.0", January 1999

Note: This RFC has been obsoleted by RFC4346

Source of RFC: tls (sec)

Errata ID: 3482

Status: Held for Document Update
Type: Editorial

Reported By: Florian Maury
Date Reported: 2013-02-11
Held for Document Update by: Sean Turner

Section 7.4.9. says:

The hash contained in finished messages sent by the server
incorporate Sender.server; those sent by the client incorporate
Sender.client. The value handshake_messages includes all handshake
messages starting at client hello up to, but not including, this
finished message. This may be different from handshake_messages in
Section 7.4.8 because it would include the certificate verify message
(if sent). Also, the handshake_messages for the finished message sent
by the client will be different from that for the finished message
sent by the server, because the one which is sent second will include
the prior one.

It should say:

The value handshake_messages includes all handshake messages starting
at client hello up to, but not including, this finished message. This 
may be different from handshake_messages in Section 7.4.8 because it 
would include the certificate verify message (if sent). Also, the
handshake_messages for the finished message sent by the client will 
be different from that for the finished message sent by the server, 
because the one which is sent second will include the prior one.

Notes:

The sentence about Sender.client and Sender.server is a remainder from the draft 2 and previous versions. The verification computation changed between draft 2 and draft 3 (as showed by rfcdiff http://tools.ietf.org/rfcdiff?difftype=--hwdiff&url2=draft-ietf-tls-protocol-03.txt ) but the sentence remained. It should be stripped as the Sender enumerated type is not even declared anymore.


Report New Errata