6752efdeaf
TLS 1.3 forbids warning alerts, and sending these is a bad idea. Per RFC 6066:

    If the server understood the ClientHello extension but does not recognize the server name, the server SHOULD take one of two actions: either abort the handshake by sending a fatal-level unrecognized_name(112) alert or continue the handshake. It is NOT RECOMMENDED to send a warning-level unrecognized_name(112) alert, because the client's behavior in response to warning-level alerts is unpredictable.

The motivation is to cut down on the number of places where we send non-closing alerts. We can't remove them yet (SSL 3.0 and TLS 1.3 draft 18 need to go), but eventually this can be a simplifying assumption. Already this means DTLS never sends warning alerts, which is good because DTLS can't retransmit them.

Change-Id: I577a1eb9c23e66d28235c0fbe913f00965e19486
Reviewed-on: https://boringssl-review.googlesource.com/13221
Reviewed-by: Adam Langley <agl@google.com>
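A way to check a server flight for the behaviour this commit message describes, as an added example that is not BoringSSL code or part of the commit: it walks plaintext TLS records (as seen before handshake keys are in place) and tallies warning-level alerts other than close_notify. The function name `scan_alerts`, the struct, and the sample byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Values from the TLS specifications (RFC 5246 / RFC 6066). */
enum { CT_ALERT = 21, LEVEL_WARNING = 1, LEVEL_FATAL = 2,
       CLOSE_NOTIFY = 0, UNRECOGNIZED_NAME = 112 };

struct alert_scan {          /* hypothetical result type for this example */
  int fatal;                 /* fatal-level alerts */
  int warning_nonclosing;    /* warning-level alerts other than close_notify */
  int warning_unrecognized;  /* subset: warning-level unrecognized_name(112) */
};

/* Walks plaintext TLS records in buf and tallies alerts. Returns 0 on
 * success, -1 if a record is truncated or an alert is not exactly 2 bytes. */
int scan_alerts(const uint8_t *buf, size_t len, struct alert_scan *out) {
  out->fatal = out->warning_nonclosing = out->warning_unrecognized = 0;
  size_t off = 0;
  while (off < len) {
    if (len - off < 5) return -1;            /* short record header */
    size_t rec_len = ((size_t)buf[off + 3] << 8) | buf[off + 4];
    if (len - off - 5 < rec_len) return -1;  /* body runs past the capture */
    if (buf[off] == CT_ALERT) {
      if (rec_len != 2) return -1;           /* fragmented or padded alert */
      uint8_t level = buf[off + 5], desc = buf[off + 6];
      if (level == LEVEL_FATAL) {
        out->fatal++;
      } else if (level == LEVEL_WARNING && desc != CLOSE_NOTIFY) {
        out->warning_nonclosing++;
        if (desc == UNRECOGNIZED_NAME) out->warning_unrecognized++;
      }
    }
    off += 5 + rec_len;
  }
  return 0;
}

/* Constructed sample flights (not captured traffic). */
static const uint8_t kWarnThenContinue[] = {
    0x15, 0x03, 0x03, 0x00, 0x02, 0x01, 0x70,               /* warning, 112 */
    0x16, 0x03, 0x03, 0x00, 0x04, 0x0e, 0x00, 0x00, 0x00};  /* handshake */
static const uint8_t kFatalAbort[] = {0x15, 0x03, 0x03, 0x00, 0x02, 0x02, 0x70};

int main(void) {
  struct alert_scan s;
  if (scan_alerts(kWarnThenContinue, sizeof kWarnThenContinue, &s) == 0)
    printf("flight 1: warning unrecognized_name = %d\n", s.warning_unrecognized);
  if (scan_alerts(kFatalAbort, sizeof kFatalAbort, &s) == 0)
    printf("flight 2: fatal = %d\n", s.fatal);
  return 0;
}
```

A nonzero `warning_unrecognized` count on a server's first flight indicates the warning-level SNI alert that RFC 6066 marks NOT RECOMMENDED.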