On 17 March 2017 at 16:01, Hannes Tschofenig <hannes.tschofe...@gmx.net> wrote: > Here are my 5 cents: we implement this extension in our mbed TLS stack
With the greatest of respect, mbedtls *doesn't* implement max_fragment_length[1], because it doesn't fragment handshake messages as required by the spec. Attempts to use it with a conforming peer will fail to handshake. When I came across this a year or so ago, I concluded that nobody could have actually deployed max_fragment_length using mbedtls. Cheers, Joe [1] https://github.com/ARMmbed/mbedtls/issues/387 _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls