RFC Errata
RFC 8446, "The Transport Layer Security (TLS) Protocol Version 1.3", August 2018
Source of RFC: tls (sec)
Errata ID: 6820
Status: Held for Document Update
Type: Technical
Publication Format(s): TEXT
Reported By: Leander Schwarz
Date Reported: 2022-01-21
Held for Document Update by: Paul Wouters
Date Held: 2024-04-05
Section 6.2 says:
unsupported_extension: Sent by endpoints receiving any handshake message containing an extension known to be prohibited for inclusion in the given handshake message, or including any extensions in a ServerHello or Certificate not first offered in the corresponding ClientHello or CertificateRequest.
It should say:
unsupported_extension: Sent by endpoints receiving any handshake message containing an extension in a ServerHello or Certificate not first offered in the corresponding ClientHello or CertificateRequest.
Notes:
The definition of the unsupported_extension alert in section 6.2 contradicts the statements in section 4.2:
If an implementation receives an extension which it recognizes and which is not specified for the message in which it appears, it MUST abort the handshake with an "illegal_parameter" alert.
While this might not be inconsistent due to the "abort the handshake with an X alert" specification at the beginning of section 6.2, it might lead to confusion (see https://mailarchive.ietf.org/arch/msg/tls/hGOGWZRMg718mWqOZ06LwjV9360/).
Paul Wouters (AD): Currently discussed at:
https://github.com/tlswg/tls13-spec/issues/1352
https://github.com/tlswg/tls13-spec/pull/1353
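
Added example (not part of the erratum or of any TLS library): a client-side check of the extensions in a received ServerHello that keeps the two alerts apart, sending illegal_parameter for a recognized extension not specified for ServerHello (section 4.2) and unsupported_extension for one not offered in the ClientHello (corrected section 6.2 text). The function names, the set of recognized extensions and the sample messages are constructed for illustration; checking the misplaced case first when both conditions hold is an assumption, since neither section orders them.

```python
ILLEGAL_PARAMETER, UNSUPPORTED_EXTENSION = 47, 110  # AlertDescription values, RFC 8446 section 6

# ExtensionType code points from the IANA registry.
SERVER_NAME, SUPPORTED_GROUPS, ALPN = 0, 10, 16
PRE_SHARED_KEY, SUPPORTED_VERSIONS, KEY_SHARE = 41, 43, 51

# Extensions this sample client recognizes, mapped to whether the section 4.2
# table allows them in a ServerHello (the others belong in EncryptedExtensions).
RECOGNIZED = {SERVER_NAME: False, SUPPORTED_GROUPS: False, ALPN: False,
              PRE_SHARED_KEY: True, SUPPORTED_VERSIONS: True, KEY_SHARE: True}

def ext(ext_type, body=b""):
    """Encode one Extension: 2-byte type, 2-byte length, body."""
    return ext_type.to_bytes(2, "big") + len(body).to_bytes(2, "big") + body

def ext_block(*extensions):
    """Encode the extensions vector with its 2-byte length prefix."""
    data = b"".join(extensions)
    return len(data).to_bytes(2, "big") + data

def parse_extension_types(block):
    """Return the extension types in an encoded extensions vector, in order."""
    if len(block) < 2 or int.from_bytes(block[:2], "big") != len(block) - 2:
        raise ValueError("bad extensions vector length")
    types, pos = [], 2
    while pos < len(block):
        if pos + 4 > len(block):
            raise ValueError("truncated extension header")
        types.append(int.from_bytes(block[pos:pos + 2], "big"))
        pos += 4 + int.from_bytes(block[pos + 2:pos + 4], "big")
        if pos > len(block):
            raise ValueError("truncated extension body")
    return types

def server_hello_alert(offered, block):
    """Return the alert a client aborts with, or None if all extensions pass."""
    for ext_type in parse_extension_types(block):
        # Section 4.2: recognized, but not specified for ServerHello.
        if RECOGNIZED.get(ext_type) is False:
            return ILLEGAL_PARAMETER
        # Section 4.2 and the corrected 6.2 text: not offered in the ClientHello.
        if ext_type not in offered:
            return UNSUPPORTED_EXTENSION
    return None

# Constructed samples (bodies are placeholders): ClientHello without pre_shared_key.
OFFERED = {SERVER_NAME, SUPPORTED_GROUPS, ALPN, SUPPORTED_VERSIONS, KEY_SHARE}
GOOD = ext_block(ext(SUPPORTED_VERSIONS, b"\x03\x04"), ext(KEY_SHARE, b"\x00" * 36))
MISPLACED = ext_block(ext(SUPPORTED_VERSIONS, b"\x03\x04"), ext(SUPPORTED_GROUPS, b"\x00\x02\x00\x1d"))
UNOFFERED = ext_block(ext(SUPPORTED_VERSIONS, b"\x03\x04"), ext(PRE_SHARED_KEY, b"\x00\x00"))
```

A test suite for a TLS client can use the MISPLACED and UNOFFERED cases to confirm that the stack under test distinguishes the two alerts instead of collapsing both into unsupported_extension.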