From 2ce46ad8cef8909ae9162a429daf8e3d5fc8cb03 Mon Sep 17 00:00:00 2001 From: Neil Horman Date: Sun, 16 Feb 2025 08:35:38 -0500 Subject: [PATCH] Change cipher suite alert for 0 length cipher_suites MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From RFC 8446: Note: TLS defines two generic alerts (see Section 6) to use upon failure to parse a message. Peers which receive a message which cannot be parsed according to the syntax (e.g., have a length extending beyond the message boundary or contain an out-of-range length) MUST terminate the connection with a "decode_error" alert. Peers which receive a message which is syntactically correct but semantically invalid (e.g., a DHE share of p - 1, or an invalid enum) MUST terminate the connection with an "illegal_parameter" alert. A zero length cipher suite list I think is considered out of range, and so we should return "decode_error" rather than "illegal_parameter" Fixes #25309 Reviewed-by: Tomas Mraz Reviewed-by: Saša Nedvědický (Merged from https://github.com/openssl/openssl/pull/26781) --- ssl/ssl_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 0311dadb7e..4a6c2e4069 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -7055,7 +7055,7 @@ int ssl_cache_cipherlist(SSL_CONNECTION *s, PACKET *cipher_suites, int sslv2form n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN; if (PACKET_remaining(cipher_suites) == 0) { - SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_NO_CIPHERS_SPECIFIED); + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_NO_CIPHERS_SPECIFIED); return 0; }