According to RFC 8446, Section 4.4.4, recipients of incorrect Finished

messages must terminate the connection with a decrypt_error alert, so
replace the use of the deprecated decryption_failed alert accordingly.

ok beck inoguchi jsing

1 files changed, 2 insertions, 2 deletions

diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index e9eee19bff..1c9debc4e5 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.44 2020/02/18 16:12:14 tb Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.45 2020/02/23 17:51:36 tb Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -868,7 +868,7 @@ tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs)
                 goto err;
 
         if (!CBS_mem_equal(cbs, verify_data, verify_data_len)) {
-                ctx->alert = TLS1_AD_DECRYPTION_FAILED;
+                ctx->alert = TLS1_AD_DECRYPT_ERROR;
                 goto err;
         }