RFC Errata
RFC 2246, "The TLS Protocol Version 1.0", January 1999
Note: This RFC has been obsoleted by RFC 4346
Note: This RFC has been updated by RFC 3546, RFC 5746, RFC 6176, RFC 7465, RFC 7507, RFC 7919
Source of RFC: tls (sec)
Errata ID: 3481
Status: Rejected
Type: Technical
Publication Format(s): TEXT
Reported By: Martin Rex
Date Reported: 2013-02-08
Rejected by: Stephen Farrell
Date Rejected: 2014-05-08
Section 8.1.2 says:
8.1.2. Diffie-Hellman

A conventional Diffie-Hellman computation is performed. The negotiated key (Z) is used as the pre_master_secret, and is converted into the master_secret, as specified above.
It should say:
8.1.2. Diffie-Hellman

A conventional Diffie-Hellman computation is performed. The negotiated key (Z) is used as the pre_master_secret, and is converted into the master_secret, as specified above. Leading bytes of Z that contain all zero bits are stripped before it is used as the pre_master_secret.
Notes:
Adopting the clarification from RFC 4346 Section 8.1.2. Not stripping the leading zero bits of Z will cause interop problems (handshake failures) with the installed base. RFC 2246 is still the authoritative spec for TLSv1.0. One cannot implement TLSv1.0 from RFC 4346.
--VERIFIER NOTES--
We don't post errata for things fixed when an RFC is obsoleted.
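Why the two encodings of Z matter in practice, as an added example that is not part of the errata record or of any TLS implementation: a toy Diffie-Hellman exchange over a constructed small prime (all values assumed) yields a Z whose fixed-length encoding starts with zero octets; feeding the stripped and the zero-padded forms into the RFC 2246 PRF gives two different master secrets, which is exactly the handshake failure the report describes.

```python
import hashlib
import hmac


def p_hash(hash_fn, secret, seed, length):
    """P_<hash> from RFC 2246 section 5: A(0) = seed, A(i) = HMAC(secret, A(i-1))."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_fn).digest()
        out += hmac.new(secret, a + seed, hash_fn).digest()
    return out[:length]


def tls10_prf(secret, label, seed, length):
    """PRF = P_MD5(S1, label + seed) XOR P_SHA-1(S2, label + seed), RFC 2246 section 5."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5_part = p_hash(hashlib.md5, s1, label + seed, length)
    sha_part = p_hash(hashlib.sha1, s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha_part))


def dh_shared_secret_bytes(z, p, strip_leading_zeros):
    """Encode Z as the pre_master_secret octet string: minimal big-endian
    (leading 0x00 octets stripped, as the erratum says) or left-padded to len(p)."""
    if strip_leading_zeros:
        return z.to_bytes((z.bit_length() + 7) // 8, "big")
    return z.to_bytes((p.bit_length() + 7) // 8, "big")


def master_secret(pre_master_secret, client_random, server_random):
    """master_secret = PRF(pre_master_secret, "master secret", randoms)[0..47], RFC 2246 8.1."""
    return tls10_prf(pre_master_secret, b"master secret", client_random + server_random, 48)


def demonstrate_interop():
    # Constructed toy parameters (assumed, far too small for real use): p = 2^61 - 1, g = 2.
    p, g, a, b = 2**61 - 1, 2, 3, 5
    z = pow(pow(g, a, p), b, p)          # both peers compute Z = g^(ab) mod p = 32768
    assert z == pow(pow(g, b, p), a, p)
    client_random, server_random = b"\x11" * 32, b"\x22" * 32   # constructed randoms
    stripped = dh_shared_secret_bytes(z, p, True)    # 80 00
    padded = dh_shared_secret_bytes(z, p, False)     # 00 00 00 00 00 00 80 00
    return {
        "z": z, "stripped": stripped, "padded": padded,
        "stripped_master": master_secret(stripped, client_random, server_random),
        "padded_master": master_secret(padded, client_random, server_random),
    }


if __name__ == "__main__":
    r = demonstrate_interop()
    print("stripped:", r["stripped"].hex(), "padded:", r["padded"].hex())
    print("master secrets agree:", r["stripped_master"] == r["padded_master"])
```

A peer that strips and a peer that pads would each verify the other's Finished message under a different master_secret, so the handshake fails even though both computed the same Z.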