TLS Alert Codes
Numeric alert codes transmitted in TLS Alert messages, as defined in RFC 8446 (TLS 1.3) and earlier TLS/SSL specifications. Alert codes indicate why a connection is being terminated or notify the peer of a condition.
34 codes
- access_denied: A valid certificate or PSK was received but the access control process determined that the sender is not authorised to proceed with the negotiation. This alert is always fatal.
- bad_certificate: A certificate was corrupt, contained signatures that did not verify correctly, or was otherwise malformed.
- bad_certificate_hash_value: A certificate hash did not match the expected value provided in a TLS extension. This alert is always fatal.
- bad_certificate_status_response: An invalid or unacceptable OCSP response was received in a CertificateStatus handshake message. This alert is always fatal.
- bad_record_mac: A record was received whose authentication tag (MAC or AEAD authentication) could not be verified. This alert is always fatal and must not be used to reveal timing information.
- certificate_expired: A certificate has expired or is not currently valid according to the validity period in the certificate itself.
- certificate_required: Client authentication is required by the server but no certificate was provided by the client. This alert is always fatal.
- certificate_revoked: A certificate has been revoked by its signer, as indicated by a CRL or OCSP response received from the signer.
- certificate_unknown: A certificate was rejected for some other unspecified reason not covered by a more specific alert code.
- certificate_unobtainable: A certificate could not be obtained using the URLs provided in a certificate status request extension. Defined in RFC 6066.
- close_notify: Notifies the recipient that the sender will transmit no more messages on this connection. Both peers must send this alert before closing the write side of the connection.
- decode_error: A message could not be decoded because some field was out of the specified range or the length was incorrect. This alert is always fatal.
- decompression_failure: The decompression function received improper input, such as data that exceeds the maximum permitted length. Reserved in TLS 1.3, which removed compression support.
- decrypt_error: A handshake cryptographic operation failed, including signature verification failure or a key exchange computation that produced an invalid result. This alert is always fatal.
- decryption_failed_RESERVED: Used in earlier TLS versions to indicate CBC decryption failure, but was found to be vulnerable to padding oracle attacks. This code is reserved and must not be sent by TLS 1.2 or later implementations.
- export_restriction_RESERVED: Used in TLS 1.0 to signal that a negotiation was not compatible with export restrictions. This code is reserved and must not be sent by TLS 1.1 or later implementations.
- handshake_failure: The sender was unable to negotiate an acceptable set of security parameters from the options offered by the peer. This alert is always fatal.
- illegal_parameter: A field in the handshake was out of range or inconsistent with other fields. This alert is always fatal.
- inappropriate_fallback: Sent by a server in response to an invalid connection retry attempt by a client. Indicates that the fallback to a lower protocol version was not acceptable. This alert is always fatal.
- insufficient_security: Returned instead of handshake_failure when a negotiation failed because the server requires cipher suites more secure than those offered by the client. This alert is always fatal.
- internal_error: An internal error unrelated to the peer or the correctness of the protocol prevented the connection from continuing. This alert is always fatal.
- missing_extension: A TLS 1.3 endpoint received a handshake message that did not contain an extension required for the negotiated protocol version or parameters. This alert is always fatal.
- no_application_protocol: The client's Application-Layer Protocol Negotiation (ALPN) extension advertised protocols that the server does not support. This alert is always fatal.
- no_certificate_RESERVED: Used in SSL 3.0 to indicate that no certificate was available. This code is reserved and must not be sent by TLS implementations.
- no_renegotiation_RESERVED: Used in TLS 1.2 and earlier to decline a renegotiation request. Reserved in TLS 1.3, which does not support renegotiation.
- protocol_version: The protocol version offered by the peer is recognised but not supported. This alert is always fatal.
- record_overflow: A TLSCiphertext record was received whose length exceeded the allowed maximum (2^14 + 256 bytes in TLS 1.3), or a decrypted record exceeded the plaintext limit. This alert is always fatal.
- unexpected_message: An inappropriate message was received, such as an incorrect handshake message type or a premature application data record. This alert is always fatal.
- unknown_ca: A valid certificate chain was received but could not be verified because the CA certificate could not be located or could not be matched to a known, trusted CA. This alert is always fatal.
- unknown_psk_identity: A PSK identity was supplied by the client but no acceptable PSK identity was found by the server. A server may send this alert or may choose to send handshake_failure instead.
- unrecognized_name: No server exists for the name indicated in the Server Name Indication (SNI) extension. A server may send this as a warning or the client may treat its absence as a fatal error.
- unsupported_certificate: A certificate was of an unsupported type or contained unsupported features that prevented the receiver from processing it.
- unsupported_extension: A TLS endpoint received an extension in a handshake message where that extension type is not permitted, or received the same extension type more than once. This alert is always fatal.
- user_canceled: The handshake is being cancelled for a reason unrelated to a protocol failure, such as the user aborting the connection. If the handshake is already complete, the sender should send close_notify instead.