[Top] [All Lists]


2008-10-23 03:57:19

On Thu, 23 Oct 2008, Ivar Lumi wrote:
After reading RFC 3207, i found probably non documented item.

For example:
S: 220 Go ahead
C: <starts TLS negotiation>
C & S: <negotiate a TLS session>
C & S: <check result of negotiation>

Now if negotiation fails, whats then ?
Send error ? close connection ?
Whats the proper action ?

RFC 3207 cites/defers to RFC 2246 for the definition of the TLS protocol. 
So follow the rules over in the TLS specification.  To quote RFC 2246:

7.2.2. Error alerts

   Error handling in the TLS Handshake protocol is very simple. When an
   error is detected, the detecting party sends a message to the other
   party. Upon transmission or receipt of an fatal alert message, both
   parties immediately close the connection.  <...>
      Reception of a handshake_failure alert message indicates that the
      sender was unable to negotiate an acceptable set of security
      parameters given the options available.  This is a fatal error.

(Other errors may apply, depending on exactly what you mean by 
"negotiation fails".)

I.e., if your end detects a fatal error, send a fatal error alert and 
close the connection.  If your end receives a fatal error alert, close the 

Philip Guenther

<Prev in Thread] Current Thread [Next in Thread>