RFC Errata

Errata Search
RFC Number:		Errata ID:

Source of RFC		Status:
Area Acronym:		Type:
WG Acronym:		Submitter Name:
Other:		Date Submitted:
Summary Table Full Records

RFC 5246, "The Transport Layer Security (TLS) Protocol Version 1.2", August 2008

Note: This RFC has been obsoleted by RFC 8446

Source of RFC: tls (sec)

Errata ID: 4007
Status: Held for Document Update
Type: Technical

Reported By: KIKUCHI Masashi
Date Reported: 2014-06-06
Held for Document Update by: Stephen Farrell
Date Held: 2015-03-24

Section 7.3. says:

Note: To help avoid pipeline stalls, ChangeCipherSpec is an
   independent TLS protocol content type, and is not actually a TLS
   handshake message.

It should say:

Note: To avoid ChangeCipherSpec being transmitted in mix with
   other handshake fragments in one record, ChangeCipherSpec is
   an independent TLS protocol content type, and is not actually
   a TLS handshake message.  To help avoid pipeline stalls, 
   ChangeCipherSpec is sent from both the server and the client.

Notes:

The original text can be read like we can handle ChangeCipherSpec asynchronously.
This is harmful and may be a cause of CCS Injection vulnerability.

Report New Errata

Search RFCs

RFC Editor

The Series

For Authors

Sponsor

RFC Errata

Errata Search

RFC 5246, "The Transport Layer Security (TLS) Protocol Version 1.2", August 2008