Reject all invalid records.

The check on the DTLS side was broken anyway. On the TLS side, the spec does
say to ignore them, but there should be no need for this in future-proofing and
NSS doesn't appear to be lenient here. See also

Change-Id: I0846222936c5e08acdcfd9d6f854a99df767e468
Reviewed-by: Adam Langley <>
5 files changed