Grading Review for Exercise 08 Q5 - 2e) Paths

0 votes
The question is about pointing invalid TLS path for a state machine. Isn't 3->5 valid? Cause it's like handling the error case. As, there's no state other than error after coming to 5th.
by
edit history

1 Answer

0 votes
Hi,

The path you mentioned is not handling the error case.
It shows that the client does not need to send the CCS and FIN message to send and receive application data to/from the server.

However, a valid TLS Handshake includes sending the CCS and FIN messages from both peers.

If we do not send the CCS message, the negotiated keys are not used, leading to the application data to be sent in plaintext.
In this case, the server even accepts and processes the application data.

If we do not send the FIN message, the handshake itself is not authenticated and can be attacked (e.g., change cipher, downgrade version, ...).

Cheers,
Sebastian
by (1.5k points)
edit history