Re: [TLS] RFC 6066 - Max fragment length negotiation

Thu, 16 Mar 2017 14:00:18 -0700 

> On 16 Mar 2017, at 22:52, Nitin Shrivastav <nitin.shrivas...@broadcom.com> 
> wrote:
> 
> Thanks Yoav. I am assuming it is true for TLS1.2 also?

RFC 5246 *is* TLS 1.2.  But it’s true for previous versions and for 1.3 as well.
> 
> It would be nice to provide a mechanism for servers to do this as we are 
> trying to run a web server in a constrained IoT end-points with only tens of 
> KBytes of RAM and SSL/TLS based connection is important..

I don’t get if you mean that the constrained end-point is the client or the 
server. But either way, both sides can be configured to use small records. You 
only really need this extension when you both have large amounts of data (so 
large records would be used without this extension) and the server is a generic 
web server that responds to both constrained and non-constrained devices.

But even in that case, adding the extension to the ClientHello should not be 
infeasible.

Yoav

> On Thu, Mar 16, 2017 at 4:48 PM, Yoav Nir <ynir.i...@gmail.com 
> <mailto:ynir.i...@gmail.com>> wrote:
> Hi, Nitin.
> 
> In section 7.4.1.4 of RFC 5246 it says:
> 
>    An extension type MUST NOT appear in the ServerHello unless the same
>    extension type appeared in the corresponding ClientHello.
> 
> So the answer is no. Only the client may request this.
> 
> Yoav
> 
>> On 16 Mar 2017, at 21:12, Nitin Shrivastav <nitin.shrivas...@broadcom.com 
>> <mailto:nitin.shrivas...@broadcom.com>> wrote:
>> 
>> Hello,
>> 
>> This is Nitin Shrivastav, Engineering Manager at Broadcom. I have a question 
>> on RFC 6066 Maximum Fragment Length Negotiation section
>> 
>> The question i have is whether it is possible for a server to initiate the 
>> Max fragment length negotiation. The RFC describes a scenario where a 
>> constrained client can initiate this but in our product the server is very 
>> tightly constrained on memory and we want to reduce the memory used for SSL 
>> connections by forcing the clients to use reduce fragment length. We don't 
>> have control over the clients in our scenario which are basically the 
>> browsers like Chrome, IE etc.
>> 
>> Thanks,
>> Nitin
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org <mailto:TLS@ietf.org>
>> https://www.ietf.org/mailman/listinfo/tls 
>> <https://www.ietf.org/mailman/listinfo/tls>
> 
>

Attachment: signature.asc
Description: Message signed with OpenPGP

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

Reply via email to