mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-14 07:20:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Refer to the API documentation for details

Browse Source 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2025-03-05 17:44:20 +01:00
parent 36edd48c61
commit 1b785e2201
1 changed files with 6 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
ChangeLog.d/tls-hs-defrag-in.txt
View File

@ -1,12 +1,7 @@
Bugfix
* Support re-assembly of fragmented handshake messages in TLS, as mandated
by the spec. Lack of support was causing handshake failures with some
servers, especially with TLS 1.3 in practice (though both protocol
version could be affected in principle, and both are fixed now).
The initial fragment for each handshake message must be at least 4 bytes.
Server-side, defragmentation of the ClientHello message is only
supported if the server accepts TLS 1.3 (regardless of whether the
ClientHello is 1.3 or 1.2). That is, servers configured (either
at compile time or at runtime) to only accept TLS 1.2 will
still fail the handshake if the ClientHello message is fragmented.
* Support re-assembly of fragmented handshake messages in TLS (both
1.2 and 1.3). The lack of support was causing handshake failures with
some servers, especially with TLS 1.3 in practice. There are a few
limitations, notably a fragmented ClientHello is only supported when
TLS 1.3 support is enabled. See the documentation of
mbedtls_ssl_conf_max_frag_len() for details.