From bfc3f37a06acb15d8804d62b309af7b5f7e6f974 Mon Sep 17 00:00:00 2001 From: jackctj117 Date: Mon, 27 Apr 2026 15:58:30 -0600 Subject: [PATCH] tls.c: send missing_extension alert on TLS 1.3 SNI absence --- src/tls.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/tls.c b/src/tls.c index e727f655d3..deeac18f59 100644 --- a/src/tls.c +++ b/src/tls.c @@ -2593,7 +2593,10 @@ static int TLSX_SNI_VerifyParse(WOLFSSL* ssl, byte isRequest) continue; } - SendAlert(ssl, alert_fatal, handshake_failure); + SendAlert(ssl, alert_fatal, + IsAtLeastTLSv1_3(ssl->version) + ? missing_extension + : handshake_failure); WOLFSSL_ERROR_VERBOSE(SNI_ABSENT_ERROR); return SNI_ABSENT_ERROR; } @@ -2604,7 +2607,10 @@ static int TLSX_SNI_VerifyParse(WOLFSSL* ssl, byte isRequest) if (ssl_sni->status != WOLFSSL_SNI_NO_MATCH) continue; - SendAlert(ssl, alert_fatal, handshake_failure); + SendAlert(ssl, alert_fatal, + IsAtLeastTLSv1_3(ssl->version) + ? missing_extension + : handshake_failure); WOLFSSL_ERROR_VERBOSE(SNI_ABSENT_ERROR); return SNI_ABSENT_ERROR; }