diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 342ec5242e..0d132227c0 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1160,6 +1160,15 @@ int mbedtls_ssl_tls13_write_client_hello_exts(mbedtls_ssl_context *ssl,
 }
 p += ext_len;

+#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
+ ret = mbedtls_ssl_tls13_write_record_size_limit_ext(
+ ssl, MBEDTLS_SSL_IN_CONTENT_LEN, p, end, &ext_len);
+ if (ret != 0) {
+ return ret;
+ }
+ p += ext_len;
+#endif
+
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED)
 if (mbedtls_ssl_conf_tls13_some_ephemeral_enabled(ssl)) {
 ret = ssl_tls13_write_key_share_ext(ssl, p, end, &ext_len);
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 92b3e171c6..1cd01dc0c2 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -4856,10 +4856,13 @@ run_test "Record Size Limit: TLS 1.3: Client-side parsing and debug output" \
 "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert -d 4" \
 "$P_CLI debug_level=4 force_version=tls13" \
 0 \
- -s "Preparing extension (Record Size Limit/28) for 'encrypted extensions'"
-# The P_CLI can not yet send the Record Size Limit extension. Thus, the G_NEXT_SRV does not send
-# a response in its EncryptedExtensions record.
-# -c "RecordSizeLimit: 16385 Bytes"
+ -c "Sent RecordSizeLimit: 16384 Bytes" \
+ -c "ClientHello: record_size_limit(28) extension exists." \
+ -c "found record_size_limit extension" \
+ -c "RecordSizeLimit: 16385 Bytes" \
+ -c "EncryptedExtensions: record_size_limit(28) extension received." \
+ -s "Parsing extension 'Record Size Limit/28' (2 bytes)" \
+ -s "record_size_limit 16384 negotiated"

 # In the following (9) tests, --recordsize is the value used by the G_NEXT_CLI (3.7.2) to configure the
 # maximum record size using "https://gnutls.org/reference/gnutls-gnutls.html#gnutls-record-set-max-size".
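Review bot: The limit advertised in the new `#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)` block is the compile-time `MBEDTLS_SSL_IN_CONTENT_LEN`, and nothing visible here explains or bounds that choice. RFC 8449 forbids sending a value below 64 and, in TLS 1.3, counts the content-type byte and padding in the limit, so a build with a very small input buffer could emit a value that a conforming server rejects; whether the helper or a configuration check already guards this is not visible in the hunk. I would add a comment above the call such as `/* RFC 8449: advertise our receive limit; must be >= 64 and covers content type + padding in TLS 1.3 */` and, if no check exists elsewhere, a compile-time guard on the constant. The enclosing function starts and ends outside the hunk.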
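Review bot: The new expectations hard-code `16384` (`Sent RecordSizeLimit: 16384 Bytes`, `record_size_limit 16384 negotiated`), which matches only a build where `MBEDTLS_SSL_IN_CONTENT_LEN` has that value. The lines preceding `run_test` are outside the hunk, so a guard may already exist; if not, something like `requires_max_content_len 16384` before this test would keep reduced-buffer configurations from failing spuriously. The checks also cover only the negotiation log lines; they do not show that either side enforces the negotiated limit on records actually sent, which may merit a follow-up test.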