Merge pull request #499 from tlsfuzzer/plain-text-alerts

allow unencrypted alerts just before encrypted messages
tlsfuzzer · Aug 4, 2023 · eace860 · eace860
2 parents 46403b1 + 5056319
commit eace860
Showing 1 changed file with 11 additions and 2 deletions.
diff --git a/tlslite/recordlayer.py b/tlslite/recordlayer.py
@@ -922,6 +922,15 @@ def recvRecord(self):
                 elif self._is_tls13_plus() and \
                         header.type == ContentType.change_cipher_spec:
                     pass
+                # when we're in the early handshake, then unencrypted alerts
+                # are fine too
+                elif self._is_tls13_plus() and \
+                        header.type == ContentType.alert and \
+                        len(data) < 3 and \
+                        self._readState and \
+                        self._readState.encContext and \
+                        self._readState.seqnum == 0:
+                    pass
                 elif self._readState and \
                     self._readState.encContext and \
                     self._readState.encContext.isAEAD:
@@ -957,10 +966,10 @@ def recvRecord(self):
             # start checking the MACs
             self.early_data_ok = False
 
-            # TLS 1.3 encrypts the type, CCS is not encrypted
+            # TLS 1.3 encrypts the type, CCS and Alerts are not encrypted
             if self._is_tls13_plus() and self._readState and \
                     self._readState.encContext and\
-                    header.type != ContentType.change_cipher_spec:
+                    header.type == ContentType.application_data:
                 # check if plaintext is not too big, RFC 8446, section 5.4
                 if len(data) > self.recv_record_limit + 1:
                     raise TLSRecordOverflow()