Hi Joe, On 03/18/2017 10:17 AM, Joseph Birr-Pixton wrote: > With the greatest of respect, mbedtls *doesn't* implement > max_fragment_length[1], because it doesn't fragment handshake messages > as required by the spec. Attempts to use it with a conforming peer > will fail to handshake.
while I am waiting for my mbed TLS coworkers to respond I have been asking myself what the MFL extension of handshake message can really provide. For example, the certificate message is typically one of the largest messages in the TLS handshake. If it is too large to fit in a buffer of the client then what should be done? As a client I cannot verify just half of a certificate. Of course, if it possible to avoid sending a long certificate chain but this is subject to deployment choices. While I can see some use of the MFL extension in the handshake protocol, for example, in the selection of the ciphersuite or in deciding whether multiple messages should be concatenated into a single datagram I fear there is typically much less room for maneuver compared to the application layer protocol. Ciao Hannes
signature.asc
Description: OpenPGP digital signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
