What does this TLS Alert mean?

Anonymous (unverified), submitted on 2019-12-03 03:03:02

Question:

I am looking at a Microsoft Network Monitor capture of an HTTPS "GET" request which mysteriously never completes if performed by .NET HttpWebRequest.

I have found that the Server Hello contains an Alert entry which looks like this:

I have these questions:

Is this alert really encrypted? I read that alerts do come encrypted if sent after a key exchange, but as you can see, this occurs very early in the negotiation stage, at Server Hello.

If not encrypted, is it malformed? The first byte, 01, suggests it's a warning, but the 70 ("Protocol Version") is a fatal error. Surely 70 can only appear as part of 02 70?

What does this mean exactly? "Protocol version" suggests something's up with the, erm, protocol version. However the Client Hello contains "TLS 1.0" as the max version, and the Server Hello specifies "TLS 1.0" too. What else could be wrong?

I can attach the whole capture if anyone is feeling brave :)

The code I used to perform this request is shown in my other question.

Answer 1:

It is not an encrypted alert. An encrypted alert can come after the handshake is completed, and this is not the case here. The first byte indicates the importance of the alert, fatal(2) or warning(1), and the second byte is the description. In your case it is 70 in hex, thus 112 in decimal, which is unrecognized_name according to RFC 4366. For more information, check the protocol definition in RFC 5246.

The unrecognized_name indicates that the server name you sent in the client hello does not match a name known to the server.
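The decoding described in the answer above, as an added example that is not part of the original post: a small parser for a TLS alert record that shows why the bytes `01 70` read as a warning-level unrecognized_name rather than protocol_version. The sample record is constructed from the values quoted in the question (TLS 1.0, alert bytes 01 70); the function name and the length-based plaintext check are assumptions of this sketch.

```python
import struct

# Subset of AlertDescription values from RFC 5246 and RFC 4366 / RFC 6066.
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate", 47: "illegal_parameter",
    48: "unknown_ca", 70: "protocol_version", 71: "insufficient_security",
    80: "internal_error", 110: "unsupported_extension", 112: "unrecognized_name",
}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
CONTENT_TYPE_ALERT = 21  # 0x15 in the record header


def parse_alert_record(record: bytes) -> dict:
    """Decode one TLS record (5-byte header + fragment) carrying an alert."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, major, minor, length = struct.unpack("!BBBH", record[:5])
    if ctype != CONTENT_TYPE_ALERT:
        raise ValueError(f"content type {ctype} is not an alert")
    fragment = record[5:5 + length]
    if len(fragment) != length:
        raise ValueError("truncated fragment")
    result = {"version": (major, minor), "length": length}
    # Heuristic (assumption of this sketch): a plaintext alert is exactly two
    # bytes (level, description). A protected alert also carries a MAC and
    # padding or an AEAD tag, so its fragment is longer.
    if length != 2:
        result["encrypted"] = True
        return result
    level, desc = fragment
    result.update(
        encrypted=False,
        level=ALERT_LEVELS.get(level, f"unknown({level})"),
        description=ALERT_DESCRIPTIONS.get(desc, f"unknown({desc})"),
        description_decimal=desc,
    )
    return result


# Constructed sample: TLS 1.0 (03 01) alert record with fragment 01 70.
SAMPLE = bytes.fromhex("15030100020170")

if __name__ == "__main__":
    # Capture tools show the description byte in hex: 0x70 is decimal 112.
    print(parse_alert_record(SAMPLE))
```

A real protocol_version alert would appear on the wire as `02 46`, since decimal 70 is 0x46.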
