RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 4346, "The Transport Layer Security (TLS) Protocol Version 1.1", April 2006

Note: This RFC has been obsoleted by RFC 5246

Source of RFC: tls (sec)

Errata ID: 1896
Status: Verified
Type: Technical

Reported By: Alfred Hoenes
Date Reported: 2006-05-29
Verifier Name: Pasi Eronen
Date Verified: 2009-10-14

Section 7.2.2 says:

   decryption_failed
      This alert MAY be returned if a TLSCiphertext decrypted in an
      invalid way: either it wasn't an even multiple of the block
      length, or its padding values, when checked, weren't correct.
      This message is always fatal.

   Note: Differentiating between bad_record_mac and decryption_failed
         alerts may permit certain attacks against CBC mode as used in
         TLS [CBCATT].  It is preferable to uniformly use the
         bad_record_mac alert to hide the specific type of the error.

It should say:

   decryption_failed
      This alert was used in TLS version 1.0, and MUST NOT be sent in
      TLS 1.1.

   Note: Differentiating between bad_record_mac and decryption_failed
         alerts may have permitted certain attacks against CBC mode 
         as used in TLS 1.0 [CBCATT].  It is preferable to uniformly 
         use the bad_record_mac alert to hide the specific type of 
         the error.

Notes:

(split off from Errata ID 117 )

The original text contradicted the text for bad_record_mac
("This alert also MUST be returned if an alert is sent because
a TLSCiphertext decrypted in an invalid way").

Report New Errata