crypto/tls: server should send an illegal_parameter alert when it receives an invalid ECHClientHello.type #71061
Labels: FixPending (Issues that have a fix which has not yet been reviewed or submitted.), NeedsFix (The path to resolution is known, but the work has not been done.)
Milestone:
Go version

go version 1.24rc1

Output of go env in your module/workspace:

What did you do?
I am testing ECH in go1.24rc1. I noticed that the server aborts the handshake with a `decode_error` alert if the client sends an invalid `ECHClientHello.type`. In section 7, the draft indicates an invalid `ECHClientHello.type` should generate an `illegal_parameter` alert.
https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni-22#section-7-5
What did you see happen?
I implemented an ECH TLS server using the "go1.24rc1" tag. The following is the implementation code for the server.
https://github.com/thekuwayama/sample_ech_server
I am developing a conformance testing tool for ECH implementation. I used the tool and confirmed that when a client sends an invalid `ECHClientHello.type` in `ClientHelloOuter`, the server aborts the handshake with a `decode_error` alert.

What did you expect to see?
I think the server should abort the handshake with an `illegal_parameter` alert if the client sends an invalid `ECHClientHello.type`. The following is a related comment.
https://go-review.googlesource.com/c/go/+/623576/8..16/src/crypto/tls/ech.go#b490
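The distinction the report turns on is between a message whose structure cannot be decoded (`decode_error`) and a well-formed message carrying a value outside its defined set (`illegal_parameter`). The following is an added example written for this page, not code from crypto/tls or from the reporter's server; it parses the `encrypted_client_hello` extension body using the field layout from draft-ietf-tls-esni (type byte, then for the outer variant `cipher_suite`, `config_id`, `enc`, `payload`) and maps each failure to the alert a server should send. The alert numbers, the `echClientHello` struct and the `echParseError` type are this example's own definitions, since crypto/tls does not export its alert values, and the sample extension bodies in `main` are constructed by hand, not captured from a handshake.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// TLS alert descriptions from RFC 8446, Section 6.2 (example's own constants).
type alertDescription uint8

const (
	alertIllegalParameter alertDescription = 47
	alertDecodeError      alertDescription = 50
)

// ECHClientHelloType values defined by draft-ietf-tls-esni: outer(0), inner(1).
const (
	echTypeOuter uint8 = 0
	echTypeInner uint8 = 1
)

// echClientHello holds the decoded extension body. The cipher suite,
// config_id, enc and payload fields are only present for the outer variant.
type echClientHello struct {
	typ      uint8
	kdfID    uint16
	aeadID   uint16
	configID uint8
	enc      []byte
	payload  []byte
}

// echParseError pairs a parse failure with the alert a server should send.
type echParseError struct {
	alert alertDescription
	msg   string
}

func (e *echParseError) Error() string {
	return fmt.Sprintf("ech: %s (alert %d)", e.msg, e.alert)
}

func decodeErr(msg string) error { return &echParseError{alertDecodeError, msg} }

// readOpaque16 consumes a <0..2^16-1> length-prefixed vector.
func readOpaque16(b []byte) (body, rest []byte, ok bool) {
	if len(b) < 2 {
		return nil, nil, false
	}
	n := int(binary.BigEndian.Uint16(b))
	if len(b)-2 < n {
		return nil, nil, false
	}
	return b[2 : 2+n], b[2+n:], true
}

// parseECHClientHello decodes the extension body. The type byte is checked
// before any structure that depends on it: an unknown type is an
// illegal_parameter, while lengths that do not add up are a decode_error.
func parseECHClientHello(data []byte) (*echClientHello, error) {
	if len(data) < 1 {
		return nil, decodeErr("empty extension body")
	}
	h := &echClientHello{typ: data[0]}
	rest := data[1:]

	switch h.typ {
	case echTypeInner:
		// inner variant carries no further fields (Empty).
		if len(rest) != 0 {
			return nil, decodeErr("inner variant has trailing bytes")
		}
		return h, nil
	case echTypeOuter:
		// cipher_suite (kdf_id, aead_id: 2 bytes each) + config_id (1 byte).
		if len(rest) < 5 {
			return nil, decodeErr("outer variant truncated before config_id")
		}
		h.kdfID = binary.BigEndian.Uint16(rest[0:2])
		h.aeadID = binary.BigEndian.Uint16(rest[2:4])
		h.configID = rest[4]
		rest = rest[5:]
		var ok bool
		if h.enc, rest, ok = readOpaque16(rest); !ok {
			return nil, decodeErr("enc vector truncated")
		}
		if h.payload, rest, ok = readOpaque16(rest); !ok {
			return nil, decodeErr("payload vector truncated")
		}
		if len(h.payload) == 0 { // payload<1..2^16-1>: zero length is out of range
			return nil, decodeErr("payload must be at least 1 byte")
		}
		if len(rest) != 0 {
			return nil, decodeErr("trailing bytes after payload")
		}
		return h, nil
	default:
		return nil, &echParseError{alertIllegalParameter, fmt.Sprintf("unknown ECHClientHello.type %d", h.typ)}
	}
}

// alertFor reports the alert to send for err, or 0 if err is nil or not ours.
func alertFor(err error) alertDescription {
	var pe *echParseError
	if errors.As(err, &pe) {
		return pe.alert
	}
	return 0
}

func main() {
	// Constructed sample extension bodies (not captured from a real handshake).
	samples := map[string][]byte{
		"inner":        {1},
		"outer":        {0, 0x00, 0x01, 0x00, 0x01, 0x07, 0x00, 0x02, 0xaa, 0xbb, 0x00, 0x03, 0x01, 0x02, 0x03},
		"unknown type": {2, 0x00, 0x01},
		"truncated":    {0, 0x00, 0x01},
	}
	for name, b := range samples {
		h, err := parseECHClientHello(b)
		if err != nil {
			fmt.Printf("%-13s -> %v\n", name, err)
			continue
		}
		fmt.Printf("%-13s -> type=%d enc=%x payload=%x\n", name, h.typ, h.enc, h.payload)
	}
}
```

Checking the type byte before parsing the variant-specific fields is what makes the two alerts separable: a parser that first tries to read the outer layout and only then inspects the type will report every unknown type as a length problem, which is the `decode_error` behaviour the report describes.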