Return SSL_AD_UNEXPECTED_MESSAGE alert when receiving any other change_cipher_spec value(RFC 8446)

Fixes: #25086 CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25257)
author: cx <1249843194@qq.com> 2024-08-21 20:13:01 +0200
committer: Matt Caswell <matt@openssl.org> 2024-08-26 11:58:10 +0200
commit: c07a34e18b098b77ce7ecb14273b7c75f59b5871 (patch)
tree: 135dfa34151f96fb29dcec825c6546c5ff7b6526
parent: fix: alias auditEntity OID (diff)
download: openssl-c07a34e18b098b77ce7ecb14273b7c75f59b5871.tar.xz
openssl-c07a34e18b098b77ce7ecb14273b7c75f59b5871.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c
index 0c2414f76e..6f98518048 100644
--- a/ssl/record/methods/tls_common.c
+++ b/ssl/record/methods/tls_common.c
@@ -744,7 +744,7 @@ int tls_get_more_records(OSSL_RECORD_LAYER *rl)
          * CCS messages must be exactly 1 byte long, containing the value 0x01
          */
         if (thisrr->length != 1 || thisrr->data[0] != 0x01) {
-            RLAYERfatal(rl, SSL_AD_ILLEGAL_PARAMETER,
+            RLAYERfatal(rl, SSL_AD_UNEXPECTED_MESSAGE,
                         SSL_R_INVALID_CCS_MESSAGE);
             return OSSL_RECORD_RETURN_FATAL;
         }
author	cx <1249843194@qq.com>	2024-08-21 20:13:01 +0200
committer	Matt Caswell <matt@openssl.org>	2024-08-26 11:58:10 +0200
commit	c07a34e18b098b77ce7ecb14273b7c75f59b5871 (patch)
tree	135dfa34151f96fb29dcec825c6546c5ff7b6526
parent	fix: alias auditEntity OID (diff)
download	openssl-c07a34e18b098b77ce7ecb14273b7c75f59b5871.tar.xz openssl-c07a34e18b098b77ce7ecb14273b7c75f59b5871.zip