RFC Errata
Found 2 records.
Status: Held for Document Update (1)
RFC 2246, "The TLS Protocol Version 1.0", January 1999
Note: This RFC has been obsoleted by RFC 4346
Note: This RFC has been updated by RFC 3546, RFC 5746, RFC 6176, RFC 7465, RFC 7507, RFC 7919
Source of RFC: tls (sec)
Errata ID: 3482
Status: Held for Document Update
Type: Editorial
Publication Format(s) : TEXT
Reported By: Florian Maury
Date Reported: 2013-02-11
Held for Document Update by: Sean Turner
Section 7.4.9. says:
The hash contained in finished messages sent by the server incorporate Sender.server; those sent by the client incorporate Sender.client. The value handshake_messages includes all handshake messages starting at client hello up to, but not including, this finished message. This may be different from handshake_messages in Section 7.4.8 because it would include the certificate verify message (if sent). Also, the handshake_messages for the finished message sent by the client will be different from that for the finished message sent by the server, because the one which is sent second will include the prior one.
It should say:
The value handshake_messages includes all handshake messages starting at client hello up to, but not including, this finished message. This may be different from handshake_messages in Section 7.4.8 because it would include the certificate verify message (if sent). Also, the handshake_messages for the finished message sent by the client will be different from that for the finished message sent by the server, because the one which is sent second will include the prior one.
Notes:
The sentence about Sender.client and Sender.server is a remainder from the draft 2 and previous versions. The verification computation changed between draft 2 and draft 3 (as showed by rfcdiff http://tools.ietf.org/rfcdiff?difftype=--hwdiff&url2=draft-ietf-tls-protocol-03.txt ) but the sentence remained. It should be stripped as the Sender enumerated type is not even declared anymore.
Status: Rejected (1)
RFC 2246, "The TLS Protocol Version 1.0", January 1999
Note: This RFC has been obsoleted by RFC 4346
Note: This RFC has been updated by RFC 3546, RFC 5746, RFC 6176, RFC 7465, RFC 7507, RFC 7919
Source of RFC: tls (sec)
Errata ID: 3481
Status: Rejected
Type: Technical
Publication Format(s) : TEXT
Reported By: Martin Rex
Date Reported: 2013-02-08
Rejected by: Stephen Farrell
Date Rejected: 2014-05-08
Section 8.1.2 says:
8.1.2. Diffie-Hellman A conventional Diffie-Hellman computation is performed. The negotiated key (Z) is used as the pre_master_secret, and is converted into the master_secret, as specified above.
It should say:
8.1.2. Diffie-Hellman A conventional Diffie-Hellman computation is performed. The negotiated key (Z) is used as the pre_master_secret, and is converted into the master_secret, as specified above. Leading bytes of Z that contain all zero bits are stripped before it is used as the pre_master_secret.
Notes:
Adopting the clarification from rfc4346 Section 8.1.2. Not stripping the leading zero bits of Z will cause interop problems (handshake failures) with the installed base. Rfc2246 is still the authoritative spec for TLSv1.0. One can not implement TLSv1.0 from rfc4346.
--VERIFIER NOTES--
We don't post errata for things fixed when an RFC is obsoleted.