mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-14 16:20:51 +00:00
Document the limitations of TLS handshake message defragmentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
parent
6811978045
commit
36edd48c61
@ -4360,6 +4360,24 @@ void mbedtls_ssl_conf_cert_req_ca_list(mbedtls_ssl_config *conf,
|
||||
* with \c mbedtls_ssl_read()), not handshake messages.
|
||||
* With DTLS, this affects both ApplicationData and handshake.
|
||||
*
|
||||
* \note Defragmentation of incoming handshake messages in TLS
|
||||
* (excluding DTLS) is supported with some limitations:
|
||||
* - On an Mbed TLS server that only accepts TLS 1.2,
|
||||
* the initial ClientHello message must not be fragmented.
|
||||
* A TLS 1.2 ClientHello may be fragmented if the server
|
||||
* also accepts TLS 1.3 connections (meaning
|
||||
* that #MBEDTLS_SSL_PROTO_TLS1_3 enabled, and the
|
||||
* accepted versions have not been restricted with
|
||||
* mbedtls_ssl_conf_max_tls_version() or the like).
|
||||
* - A ClientHello message that initiates a renegotiation
|
||||
* must not be fragmented.
|
||||
* - The first fragment of a handshake message must be
|
||||
* at least 4 bytes long.
|
||||
* - Non-handshake records must not be interleaved between
|
||||
* the fragments of a handshake message. (This is permitted
|
||||
* in TLS 1.2 but not in TLS 1.3, but Mbed TLS rejects it
|
||||
* even in TLS 1.2.)
|
||||
*
|
||||
* \note This sets the maximum length for a record's payload,
|
||||
* excluding record overhead that will be added to it, see
|
||||
* \c mbedtls_ssl_get_record_expansion().
|
||||
|
Loading…
x
Reference in New Issue
Block a user