Should SSLEngine throw SSLHandhakeException?

Florian Weimer fweimer at
Tue Aug 4 18:06:56 UTC 2015

If the SSLEngine client receives a fatal alert, an exception for
Alerts.alert_unexpected_message is generated, which is an SSLException,
not for the alert received, which would be an SSLHandhsakeException.

Is this intentional?  If not, the attached patch fixes that.

I see this when the client receives an inappropriate_fallback alert with
my TLS_FALLBACK_SCSV patch, but I can't see a reason why the behavior
for other alerts would be different.

Florian Weimer / Red Hat Product Security
-------------- next part --------------
A non-text attachment was scrubbed...
Name: engine.patch
Type: text/x-patch
Size: 714 bytes
Desc: not available
URL: <>

More information about the security-dev mailing list