Problem Statement: When psk is enabled on server side(wolfSSL_CTX_set_psk_server_callback()), and client sends Handshake packets which are encrypted using incorrect key/password. As soon as server receives ChnageCipherSpec, it enables encyption (ssl->keys.encryptionOn = 1;) on server side. But server is failed to decrypt next "Finished" handshake message coming from client and raise DECRYPT_ERROR(-312). Due to this error I'm calling wolfSSL_shutdown() on server side, which eventually try to send close_notify alert but failed to build encrypted alert message because encryption keys are not yet set on server, which genrally sets when sending FInished handshake message.

My Expectation: If keys used by client is incorrect, server shouldn't enable encryption until both the parties not send ChangeCipherSpec and server is failed to send ChangeCipherSpec after error is occurred while parsing client's Finished message

From RFC 5246: The ChangeCipherSpec message is sent by both the client and the server to notify the receiving party that subsequent records will be protected under the newly negotiated CipherSpec and keys.

My Suggestion: I am very new to wolfSSL. Excuse me if my suggestion is not valid as per the standards. On either side (server or client) alert messages shall be encrypted only when ENCRYPT_SIDE keys are setup. Otherwise scenarios when error occurred during handshaking after setting keys.encryptionOn = 1 but before setting encryption keys, close_notify message will not be built.

Please do let me know, what you guys think!!

Thanks,
Prince Jain