quic compliance: 10.2.3 dropping instead of closing

Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21429)
2024-11-30 13:34:44 +08:00 · 2023-07-20 12:40:49 +10:00 · 2023-07-20 12:40:49 +10:00 · bed2087487
commit bed2087487
parent 6861f5a703
1 changed files with 12 additions and 0 deletions
--- a/ssl/quic/quic_channel.c
+++ b/ssl/quic/quic_channel.c
@ -2026,6 +2026,18 @@ static void ch_rx_handle_packet(QUIC_CHANNEL *ch)
             * RFC 9000 s. 17.2.2: Clients that receive an Initial packet with a
             * non-zero Token Length field MUST either discard the packet or
             * generate a connection error of type PROTOCOL_VIOLATION.
+             *
+             * TODO(QUIC): consider the implications of RFC 9000 s. 10.2.3
+             * Immediate Close during the Handshake:
+             *      However, at the cost of reducing feedback about
+             *      errors for legitimate peers, some forms of denial of
+             *      service can be made more difficult for an attacker
+             *      if endpoints discard illegal packets rather than
+             *      terminating a connection with CONNECTION_CLOSE. For
+             *      this reason, endpoints MAY discard packets rather
+             *      than immediately close if errors are detected in
+             *      packets that lack authentication.
+             * I.e. should we drop this packet instead of closing the connection?
             */
            ossl_quic_channel_raise_protocol_error(ch, QUIC_ERR_PROTOCOL_VIOLATION,
                                                   0, "client received initial token");