State globally that the limitations don't apply to DTLS

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-03-14 07:20:52 +00:00 · 2025-03-12 10:07:33 +01:00 · 2025-03-12 10:07:33 +01:00 · 2b78a5abfa
commit 2b78a5abfa
parent d9c858039e
1 changed files with 4 additions and 3 deletions
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -4853,8 +4853,10 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl,
 *                 currently being processed might or might not contain further
 *                 DTLS records.
 *
- * \note           Defragmentation of incoming handshake messages in TLS
- *                 is supported with some limitations:
+ * \note           In TLS, reception of fragmented handshake messages is
+ *                 supported with some limitations (those limitations do
+ *                 not apply to DTLS, where defragmentation is fully
+ *                 supported):
 *                 - On an Mbed TLS server that only accepts TLS 1.2,
 *                   the initial ClientHello message must not be fragmented.
 *                   A TLS 1.2 ClientHello may be fragmented if the server
@ -4862,7 +4864,6 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl,
 *                   that #MBEDTLS_SSL_PROTO_TLS1_3 enabled, and the
 *                   accepted versions have not been restricted with
 *                   mbedtls_ssl_conf_max_tls_version() or the like).
- *                   This limitation does not apply to DTLS.
 *                 - The first fragment of a handshake message must be
 *                   at least 4 bytes long.
 *                 - Non-handshake records must not be interleaved between