RFC Errata
RFC 4346, "The Transport Layer Security (TLS) Protocol Version 1.1", April 2006
Note: This RFC has been obsoleted by RFC 5246
Note: This RFC has been updated by RFC 4366, RFC 4680, RFC 4681, RFC 5746, RFC 6176, RFC 7465, RFC 7507, RFC 7919
Source of RFC: tls (sec)
See Also: RFC 4346 w/ inline errata
Errata ID: 1896
Status: Verified
Type: Technical
Publication Format(s): TEXT
Reported By: Alfred Hoenes
Date Reported: 2006-05-29
Verifier Name: Pasi Eronen
Date Verified: 2009-10-14
Section 7.2.2 says:
decryption_failed
   This alert MAY be returned if a TLSCiphertext decrypted in an invalid way: either it wasn't an even multiple of the block length, or its padding values, when checked, weren't correct. This message is always fatal.

   Note: Differentiating between bad_record_mac and decryption_failed alerts may permit certain attacks against CBC mode as used in TLS [CBCATT]. It is preferable to uniformly use the bad_record_mac alert to hide the specific type of the error.
It should say:
decryption_failed
   This alert was used in TLS version 1.0, and MUST NOT be sent in TLS 1.1.

   Note: Differentiating between bad_record_mac and decryption_failed alerts may have permitted certain attacks against CBC mode as used in TLS 1.0 [CBCATT]. It is preferable to uniformly use the bad_record_mac alert to hide the specific type of the error.
Notes:
(split off from Errata ID 117)
The original text contradicted the text for bad_record_mac
("This alert also MUST be returned if an alert is sent because
a TLSCiphertext decrypted in an invalid way").
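
Added example (not part of RFC 4346 or of this erratum): a sketch of the receive-side check the corrected text implies, where a bad length, bad padding and a bad MAC all map to bad_record_mac (20) and decryption_failed (21) is never sent. The function names, the AES-CBC block size and HMAC-SHA1 are assumptions; the input is the already CBC-decrypted record body, and Python gives no constant-time guarantee.

```python
import hashlib
import hmac
import struct

BAD_RECORD_MAC = 20     # AlertDescription value from RFC 4346
DECRYPTION_FAILED = 21  # TLS 1.0 only; MUST NOT be sent in TLS 1.1
BLOCK_LEN = 16          # assumption: AES-CBC
MAC_LEN = 20            # assumption: HMAC-SHA1


class RecordAlert(Exception):
    """Fatal alert to send; carries only the alert code, never the cause."""
    def __init__(self, code=BAD_RECORD_MAC):
        super().__init__(code)
        self.code = code


def record_mac(key, seq, ctype, version, content):
    # HMAC over seq_num + type + version + length + fragment
    header = struct.pack("!QBHH", seq, ctype, version, len(content))
    return hmac.new(key, header + content, hashlib.sha1).digest()


def open_record(key, seq, ctype, version, body):
    """body: decrypted record, explicit IV removed: content|MAC|padding|padding_length."""
    if len(body) % BLOCK_LEN or len(body) < MAC_LEN + 1:
        raise RecordAlert()               # bad length: same alert as a bad MAC
    pad_len = body[-1]
    pad_ok = (pad_len + 1 + MAC_LEN <= len(body)
              and all(b == pad_len for b in body[-(pad_len + 1):]))
    if not pad_ok:
        pad_len = 0                       # assume a zero-length pad, still check the MAC
    end = len(body) - 1 - pad_len
    content, mac = body[:end - MAC_LEN], body[end - MAC_LEN:end]
    mac_ok = hmac.compare_digest(mac, record_mac(key, seq, ctype, version, content))
    if not (pad_ok and mac_ok):
        raise RecordAlert()               # padding and MAC failures look identical
    return content


def seal_body(key, seq, ctype, version, content):
    """Constructed helper for the demo: builds a valid pre-encryption body."""
    data = content + record_mac(key, seq, ctype, version, content)
    pad_len = BLOCK_LEN - 1 - len(data) % BLOCK_LEN
    return data + bytes([pad_len]) * (pad_len + 1)
```
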