@@ -922,6 +922,15 @@ def recvRecord(self):
922922 elif self ._is_tls13_plus () and \
923923 header .type == ContentType .change_cipher_spec :
924924 pass
925+ # when we're in the early handshake, then unencrypted alerts
926+ # are fine too
927+ elif self ._is_tls13_plus () and \
928+ header .type == ContentType .alert and \
929+ len (data ) < 3 and \
930+ self ._readState and \
931+ self ._readState .encContext and \
932+ self ._readState .seqnum == 0 :
933+ pass
925934 elif self ._readState and \
926935 self ._readState .encContext and \
927936 self ._readState .encContext .isAEAD :
@@ -957,10 +966,10 @@ def recvRecord(self):
957966 # start checking the MACs
958967 self .early_data_ok = False
959968
960- # TLS 1.3 encrypts the type, CCS is not encrypted
969+ # TLS 1.3 encrypts the type, CCS and Alerts are not encrypted
961970 if self ._is_tls13_plus () and self ._readState and \
962971 self ._readState .encContext and \
963- header .type != ContentType .change_cipher_spec :
972+ header .type == ContentType .application_data :
964973 # check if plaintext is not too big, RFC 8446, section 5.4
965974 if len (data ) > self .recv_record_limit + 1 :
966975 raise TLSRecordOverflow ()