Clarify DTLS

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2025-03-11 13:47:49 +01:00
parent 80facedad9
commit d9c858039e

View File

@ -4854,7 +4854,7 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl,
* DTLS records.
*
* \note Defragmentation of incoming handshake messages in TLS
* (excluding DTLS) is supported with some limitations:
* is supported with some limitations:
* - On an Mbed TLS server that only accepts TLS 1.2,
* the initial ClientHello message must not be fragmented.
* A TLS 1.2 ClientHello may be fragmented if the server
@ -4862,6 +4862,7 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl,
* that #MBEDTLS_SSL_PROTO_TLS1_3 enabled, and the
* accepted versions have not been restricted with
* mbedtls_ssl_conf_max_tls_version() or the like).
* This limitation does not apply to DTLS.
* - The first fragment of a handshake message must be
* at least 4 bytes long.
* - Non-handshake records must not be interleaved between