RFC Errata
RFC 5246, "The Transport Layer Security (TLS) Protocol Version 1.2", August 2008
Note: This RFC has been obsoleted by RFC 8446
Note: This RFC has been updated by RFC 5746, RFC 5878, RFC 6176, RFC 7465, RFC 7507, RFC 7568, RFC 7627, RFC 7685, RFC 7905, RFC 7919, RFC 8447, RFC 9155
Source of RFC: tls (sec)
Errata ID: 4007
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT
Reported By: KIKUCHI Masashi
Date Reported: 2014-06-06
Held for Document Update by: Stephen Farrell
Date Held: 2015-03-24
Section 7.3. says:
Note: To help avoid pipeline stalls, ChangeCipherSpec is an independent TLS protocol content type, and is not actually a TLS handshake message.
It should say:
Note: To avoid ChangeCipherSpec being transmitted in mix with other handshake fragments in one record, ChangeCipherSpec is an independent TLS protocol content type, and is not actually a TLS handshake message. To help avoid pipeline stalls, ChangeCipherSpec is sent from both the server and the client.
Notes:
The original text can be read like we can handle ChangeCipherSpec asynchronously.
This is harmful and may be a cause of CCS Injection vulnerability.