Merge pull request #1364 from ekr/issue1355_errata_6136

Specify checks for legacy_version and legacy_compression_method. Fixes #1355
tlswg · Aug 5, 2024 · ec3aa9f · ec3aa9f
2 parents 659cd26 + a40fc49
commit ec3aa9f
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/draft-ietf-tls-rfc8446bis.md b/draft-ietf-tls-rfc8446bis.md
@@ -1511,6 +1511,9 @@ legacy_version:
   and the legacy_version field MUST
   be set to 0x0303, which is the version number for TLS 1.2.
   (See {{backward-compatibility}} for details about backward compatibility.)
+  A client which receives a TLS 1.3 Server Hello with a legacy_version
+  value not equal to 0x0303 MUST abort the handshake with an
+  "illegal_parameter" alert.
 
 random:
 : 32 bytes generated by a secure random number generator.
@@ -1537,7 +1540,9 @@ cipher_suite:
   alert.
 
 legacy_compression_method:
-: A single byte which MUST have the value 0.
+: A single byte which MUST have the value 0. If a TLS 1.3 ClientHello
+  is received with any other value in this field, the server MUST
+  abort the handshake with an "illegal_parameter" alert.
 
 extensions:
 : A list of extensions.  The ServerHello MUST only include extensions