RFC Errata
RFC 5246, "The Transport Layer Security (TLS) Protocol Version 1.2", August 2008
Note: This RFC has been obsoleted by RFC 8446
Source of RFC: tls (sec)
Errata ID: 4007
Status: Held for Document Update
Type: Technical
Publication Format(s): TEXT
Reported By: KIKUCHI Masashi
Date Reported: 2014-06-06
Held for Document Update by: Stephen Farrell
Date Held: 2015-03-24
Section 7.3. says:
Note: To help avoid pipeline stalls, ChangeCipherSpec is an independent TLS protocol content type, and is not actually a TLS handshake message.
It should say:
Note: To avoid ChangeCipherSpec being transmitted in mix with other handshake fragments in one record, ChangeCipherSpec is an independent TLS protocol content type, and is not actually a TLS handshake message. To help avoid pipeline stalls, ChangeCipherSpec is sent from both the server and the client.
Notes:
The original text can be read as if we can handle ChangeCipherSpec asynchronously.
This is harmful and may be a cause of the CCS Injection vulnerability.
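
An added example, not part of the erratum or of RFC 5246: a simplified receiver-side check in Python that accepts ChangeCipherSpec only in step with the handshake, that is, as its own record, after ClientKeyExchange, and never between fragments of a handshake message. The function names, the server-side view of the plaintext client flight, and the sample byte strings are assumptions constructed for illustration.

```python
CHANGE_CIPHER_SPEC, HANDSHAKE = 20, 22       # ContentType values, RFC 5246
CLIENT_HELLO, CLIENT_KEY_EXCHANGE = 1, 16    # HandshakeType values, RFC 5246

def split_records(stream):
    """Yield (content_type, fragment) for each plaintext TLS record."""
    pos = 0
    while pos < len(stream):
        length = int.from_bytes(stream[pos + 3:pos + 5], "big")
        fragment = stream[pos + 5:pos + 5 + length]
        if len(stream) < pos + 5 or len(fragment) != length:
            raise ValueError("truncated record")
        yield stream[pos], fragment
        pos += 5 + length

def accept_ccs_position(stream):
    """Index of the in-order ChangeCipherSpec record; ValueError otherwise."""
    pending, key_exchange_seen = b"", False
    for index, (ctype, fragment) in enumerate(split_records(stream)):
        if ctype == HANDSHAKE:
            pending += fragment  # a handshake message may span several records
            while len(pending) >= 4:
                end = 4 + int.from_bytes(pending[1:4], "big")
                if len(pending) < end:
                    break  # message incomplete, wait for the next record
                key_exchange_seen |= pending[0] == CLIENT_KEY_EXCHANGE
                pending = pending[end:]
        elif ctype == CHANGE_CIPHER_SPEC:
            if fragment != b"\x01":
                raise ValueError("malformed ChangeCipherSpec")
            if pending:
                raise ValueError("ChangeCipherSpec inside a fragmented handshake message")
            if not key_exchange_seen:
                raise ValueError("ChangeCipherSpec before key exchange")
            return index
        else:
            raise ValueError("unexpected content type %d" % ctype)
    raise ValueError("no ChangeCipherSpec received")

# Constructed sample flights (client to server), not captured traffic
def record(ctype, fragment):
    return bytes([ctype, 3, 3]) + len(fragment).to_bytes(2, "big") + fragment
def handshake(msg_type, body):
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

HELLO = record(HANDSHAKE, handshake(CLIENT_HELLO, bytes(4)))
CKE = handshake(CLIENT_KEY_EXCHANGE, bytes(8))
GOOD = HELLO + record(HANDSHAKE, CKE) + record(CHANGE_CIPHER_SPEC, b"\x01")
EARLY = HELLO + record(CHANGE_CIPHER_SPEC, b"\x01") + record(HANDSHAKE, CKE)
SPLIT = HELLO + record(HANDSHAKE, CKE[:6]) + record(CHANGE_CIPHER_SPEC, b"\x01") + record(HANDSHAKE, CKE[6:])
```

Only `GOOD` is accepted; `EARLY` and `SPLIT` are rejected because the ChangeCipherSpec record arrives out of step with the handshake messages around it.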