From c07a34e18b098b77ce7ecb14273b7c75f59b5871 Mon Sep 17 00:00:00 2001
From: cx <1249843194@qq.com>
Date: Thu, 22 Aug 2024 02:13:01 +0800
Subject: [PATCH] Return SSL_AD_UNEXPECTED_MESSAGE alert when receiving any
 other change_cipher_spec value(RFC 8446) Fixes: #25086

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25257)
---
 ssl/record/methods/tls_common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c
index 0c2414f76e1..6f985180482 100644
--- a/ssl/record/methods/tls_common.c
+++ b/ssl/record/methods/tls_common.c
@@ -744,7 +744,7 @@ int tls_get_more_records(OSSL_RECORD_LAYER *rl)
          * CCS messages must be exactly 1 byte long, containing the value 0x01
          */
         if (thisrr->length != 1 || thisrr->data[0] != 0x01) {
-            RLAYERfatal(rl, SSL_AD_ILLEGAL_PARAMETER,
+            RLAYERfatal(rl, SSL_AD_UNEXPECTED_MESSAGE,
                         SSL_R_INVALID_CCS_MESSAGE);
             return OSSL_RECORD_RETURN_FATAL;
         }
-- 
2.47.2