alert
Click on the red underlined text to get to the source
... handshake messages. Section 3 describes specific
extensions to TLS. Section 4 describes new error alerts for use with
the TLS extensions ...
... format and (as for all other messages) MUST check that the amount of
data in the message precisely matches one of these formats. If it
does not, then it MUST send a fatal "decode_error" alert. This
overrides the "Forward compatibility note" in [TLS ...
... recognize the server name, it SHOULD send an "unrecognized_name"
alert (which MAY be fatal).
If an application negotiates a server name ...
... for a value other than the allowed values, it MUST abort the
handshake with an "illegal_parameter" alert. Similarly, if a client
receives a maximum fragment length negotiation ...
... from the length it requested, it MUST also abort the handshake with
an "illegal_parameter" alert.
Once a maximum fragment ...
... receiving a TLS record layer message larger than 793 bytes may
discard the message and send a "record_overflow" alert, without
decrypting the message.
...
... certificates in a given CertificateURL, it SHOULD time out and signal
a "certificate_unobtainable" error alert.
...
... Error Alerts ...
...
This section defines new error alerts for use with the TLS extensions
defined in this document.
...
... defined in this document.
The following new error alerts are defined. To avoid "breaking"
existing clients and servers, these alerts ...
... error alerts are defined. To avoid "breaking"
existing clients and servers, these alerts MUST NOT be sent unless
the sending party has received an extended hello message from the
...
... party they are communicating with.
- "unsupported_extension": this alert is sent by clients that
receive an extended server hello ...
... This message is always fatal.
- "unrecognized_name": this alert is sent by servers that receive a
server_name extension request, but do not recognize the server
name ...
...
- "certificate_unobtainable": this alert is sent by servers who are
unable to retrieve a certificate chain from the URL ...
... handshake to continue and the server is unable to retrieve the
certificate chain, it may send a fatal alert.
- "bad_certificate ...
...
- "bad_certificate_status_response": this alert is sent by clients
that receive an invalid certificate status ...
... hash. This message is always fatal.
These error alerts are conveyed using the following syntax:
enum {
...
... - Some cases where a server does not agree to an extension are error
conditions, and some simply a refusal to support a particular
feature. In general, error alerts should be used for the former,
and a field in the server extension response for the latter.
...