diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 043988f255..39baa4213c 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1188,6 +1188,11 @@ struct mbedtls_ssl_session { unsigned char MBEDTLS_PRIVATE(mfl_code); /*!< MaxFragmentLength negotiated by peer */ #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ +/*!< Record Size Limit for outgoing data requested by peer */ +#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) + uint16_t MBEDTLS_PRIVATE(record_size_limit); +#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ + unsigned char MBEDTLS_PRIVATE(exported); /** TLS version negotiated in the session. Used if and when renegotiating diff --git a/library/ssl_misc.h b/library/ssl_misc.h index eae192bacb..6b799eebd3 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -439,6 +439,24 @@ size_t mbedtls_ssl_get_output_max_frag_len(const mbedtls_ssl_context *ssl); size_t mbedtls_ssl_get_input_max_frag_len(const mbedtls_ssl_context *ssl); #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ +#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) +/** + * \brief Return the record size limit (in bytes) for + * the output buffer. This is less than the value requested by the + * peer (using RFC 8449), since it subtracts the space required for the + * content type and padding of the TLSInnerPlaintext struct (RFC 8446). + * Returns MBEDTLS_SSL_OUT_CONTENT_LEN if no limit was requested by the peer. + * + * \sa mbedtls_ssl_get_max_out_record_payload() + * ssl_compute_internal_record_size_limit() + * + * \param ssl SSL context + * + * \return Current record size limit for the output buffer. + */ +size_t mbedtls_ssl_get_output_record_size_limit(const mbedtls_ssl_context *ssl); +#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ + #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) static inline size_t mbedtls_ssl_get_output_buflen(const mbedtls_ssl_context *ctx) { diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4daf2e7eec..7a8c759fa3 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2455,6 +2455,7 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( * uint8 ticket_flags; * opaque resumption_key<0..255>; * uint32 max_early_data_size; + * uint16 record_size_limit; * select ( endpoint ) { * case client: ClientOnlyData; * case server: uint64 ticket_creation_time; @@ -2490,6 +2491,9 @@ static int ssl_tls13_session_save(const mbedtls_ssl_session *session, #if defined(MBEDTLS_SSL_EARLY_DATA) needed += 4; /* max_early_data_size */ #endif +#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) + needed += 2; /* record_size_limit */ +#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ #if defined(MBEDTLS_HAVE_TIME) needed += 8; /* ticket_creation_time or ticket_reception_time */ @@ -2534,6 +2538,10 @@ static int ssl_tls13_session_save(const mbedtls_ssl_session *session, MBEDTLS_PUT_UINT32_BE(session->max_early_data_size, p, 0); p += 4; #endif +#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) + MBEDTLS_PUT_UINT16_BE(session->record_size_limit, p, 0); + p += 2; +#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ #if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C) if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { @@ -2610,6 +2618,13 @@ static int ssl_tls13_session_load(mbedtls_ssl_session *session, session->max_early_data_size = MBEDTLS_GET_UINT32_BE(p, 0); p += 4; #endif +#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) + if (end - p < 2) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + session->record_size_limit = MBEDTLS_GET_UINT16_BE(p, 0); + p += 2; +#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ #if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C) if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { @@ -3458,6 +3473,7 @@ int mbedtls_ssl_get_max_out_record_payload(const mbedtls_ssl_context *ssl) size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN; #if !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) && \ + !defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) && \ !defined(MBEDTLS_SSL_PROTO_DTLS) (void) ssl; #endif @@ -3470,6 +3486,14 @@ int mbedtls_ssl_get_max_out_record_payload(const mbedtls_ssl_context *ssl) } #endif +#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) + const size_t record_size_limit = mbedtls_ssl_get_output_record_size_limit(ssl); + + if (max_len > record_size_limit) { + max_len = record_size_limit; + } +#endif + #if defined(MBEDTLS_SSL_PROTO_DTLS) if (mbedtls_ssl_get_current_mtu(ssl) != 0) { const size_t mtu = mbedtls_ssl_get_current_mtu(ssl); diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 052df7e66e..1a246c4dfc 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -2113,12 +2113,11 @@ static int ssl_tls13_parse_encrypted_extensions(mbedtls_ssl_context *ssl, ret = mbedtls_ssl_tls13_parse_record_size_limit_ext( ssl, p, p + extension_data_len); - - /* TODO: Return unconditionally here until we handle the record - * size limit correctly. Once handled correctly, only return in - * case of errors. */ - return ret; - + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET( + 1, ("mbedtls_ssl_tls13_parse_record_size_limit_ext"), ret); + return ret; + } break; #endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index cc77a9438e..7c7aac80e4 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1714,7 +1714,7 @@ int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG(2, ("RecordSizeLimit: %u Bytes", record_size_limit)); - /* RFC 8449, section 4 + /* RFC 8449, section 4: * * Endpoints MUST NOT send a "record_size_limit" extension with a value * smaller than 64. An endpoint MUST treat receipt of a smaller value @@ -1727,13 +1727,47 @@ int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl, return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; } - MBEDTLS_SSL_DEBUG_MSG( - 2, ("record_size_limit extension is still in development. Aborting handshake.")); + ssl->session_negotiate->record_size_limit = record_size_limit; - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT, - MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION); - return MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION; + return 0; +} + +static inline size_t ssl_compute_internal_record_size_limit(size_t record_size_limit) +{ + /* RFC 8449, section 4: + * + * This value [record_size_limit] is the length of the plaintext of a protected record. + * The value includes the content type and padding added in TLS 1.3 (that is, the complete + * length of TLSInnerPlaintext). + * + * Thus, round down to a multiple of MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY + * and subtract 1 (for the content type that will be added later) + */ + return ((record_size_limit / MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) * + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) - 1; +} + +size_t mbedtls_ssl_get_output_record_size_limit(const mbedtls_ssl_context *ssl) +{ + const size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN; + size_t record_size_limit = max_len; + + if (ssl->session != NULL && + ssl->session->record_size_limit >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN && + ssl->session->record_size_limit < max_len) { + record_size_limit = ssl_compute_internal_record_size_limit(ssl->session->record_size_limit); + } + + // TODO: this is currently untested + /* During a handshake, use the value being negotiated */ + if (ssl->session_negotiate != NULL && + ssl->session_negotiate->record_size_limit >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN && + ssl->session_negotiate->record_size_limit < max_len) { + record_size_limit = ssl_compute_internal_record_size_limit( + ssl->session_negotiate->record_size_limit); + } + + return record_size_limit; } #endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index bfe805f496..9e2cbbf249 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1699,14 +1699,11 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, ret = mbedtls_ssl_tls13_parse_record_size_limit_ext( ssl, p, extension_data_end); - - /* - * TODO: Return unconditionally here until we handle the record - * size limit correctly. - * Once handled correctly, only return in case of errors. - */ - return ret; - + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET( + 1, ("mbedtls_ssl_tls13_parse_record_size_limit_ext"), ret); + return ret; + } break; #endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index c96128b94c..8f90345f5b 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -3520,7 +3520,7 @@ handshake: mbedtls_printf(" [ Record expansion is unknown ]\n"); } -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) +#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) || defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) mbedtls_printf(" [ Maximum incoming record payload length is %u ]\n", (unsigned int) mbedtls_ssl_get_max_in_record_payload(&ssl)); mbedtls_printf(" [ Maximum outgoing record payload length is %u ]\n", diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 462597ba6e..27e020db92 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -5709,11 +5709,8 @@ component_test_tls13_only_record_size_limit () { msg "test_suite_ssl: TLS 1.3 only, record size limit extension enabled" cd tests; ./test_suite_ssl; cd .. - msg "ssl-opt.sh: (TLS 1.3 only, record size limit extension tests only)" - # Both the server and the client will currently abort the handshake when they encounter the - # record size limit extension. There is no way to prevent gnutls-cli from sending the extension - # which makes all G_NEXT_CLI + P_SRV tests fail. Thus, run only the tests for the this extension. - tests/ssl-opt.sh -f "Record Size Limit" + msg "ssl-opt.sh: (TLS 1.3 only, record size limit extension enabled)" + tests/ssl-opt.sh } component_build_mingw () { diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 4762285b00..427849d241 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -4837,22 +4837,24 @@ run_test "Max fragment length: DTLS client, larger message" \ requires_gnutls_tls1_3 requires_gnutls_record_size_limit requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -run_test "Record Size Limit: TLS 1.3: Server-side parsing, debug output and fatal alert" \ +run_test "Record Size Limit: TLS 1.3: Server-side parsing and debug output" \ "$P_SRV debug_level=3 force_version=tls13" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4" \ - 1 \ + 0 \ -c "Preparing extension (Record Size Limit/28) for 'client hello'" \ -c "Sending extension Record Size Limit/28 (2 bytes)" \ -s "ClientHello: record_size_limit(28) extension received."\ -s "found record_size_limit extension" \ -s "RecordSizeLimit: 16385 Bytes" \ - -c "Received alert \[110]: An unsupported extension was sent" + -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Maximum outgoing record payload length is 16384" \ + -s "bytes written in 1 fragments" requires_gnutls_tls1_3 requires_gnutls_record_size_limit requires_gnutls_next_disable_tls13_compat requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -run_test "Record Size Limit: TLS 1.3: Client-side parsing, debug output and fatal alert" \ +run_test "Record Size Limit: TLS 1.3: Client-side parsing and debug output" \ "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert -d 4" \ "$P_CLI debug_level=4 force_version=tls13" \ 0 \ @@ -4863,8 +4865,162 @@ run_test "Record Size Limit: TLS 1.3: Client-side parsing, debug output and f # -s "Sending extension Record Size Limit/28 (2 bytes)" \ # -c "EncryptedExtensions: record_size_limit(28) extension received."\ # -c "found record_size_limit extension" \ -# -c "RecordSizeLimit: 16385 Bytes" \ -# -s "Received alert \[110]: An unsupported extension was sent" +# -c "RecordSizeLimit: 16385 Bytes" + +# In the following (9) tests, --recordsize is the value used by the G_NEXT_CLI (3.7.2) to configure the +# maximum record size using "https://gnutls.org/reference/gnutls-gnutls.html#gnutls-record-set-max-size". +# There is currently a lower limit of 512, caused by this function not respecting the +# "%ALLOW_SMALL_RECORDS" priority string and not using the more recent function +# https://gnutls.org/reference/gnutls-gnutls.html#gnutls-record-set-max-recv-size. +# There is currently an upper limit of 4096, caused by the cli arg parser: +# https://gitlab.com/gnutls/gnutls/-/blob/3.7.2/src/cli-args.def#L395. +# Thus, these tests are currently limit to that value range. +# Moreover, the value sent in the extension is expected to be larger by one compared +# to the value passed on the cli: +# https://gitlab.com/gnutls/gnutls/-/blob/3.7.2/lib/ext/record_size_limit.c#L142 +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 1 fragment" \ + "$P_SRV debug_level=3 force_version=tls13 response_size=256" \ + "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 512" \ + 0 \ + -c "Preparing extension (Record Size Limit/28) for 'client hello'" \ + -c "Sending extension Record Size Limit/28 (2 bytes)" \ + -s "ClientHello: record_size_limit(28) extension received."\ + -s "found record_size_limit extension" \ + -s "RecordSizeLimit: 513 Bytes" \ + -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Maximum outgoing record payload length is 511" \ + -s "256 bytes written in 1 fragments" + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 2 fragments" \ + "$P_SRV debug_level=3 force_version=tls13 response_size=768" \ + "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 512" \ + 0 \ + -c "Preparing extension (Record Size Limit/28) for 'client hello'" \ + -c "Sending extension Record Size Limit/28 (2 bytes)" \ + -s "ClientHello: record_size_limit(28) extension received."\ + -s "found record_size_limit extension" \ + -s "RecordSizeLimit: 513 Bytes" \ + -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Maximum outgoing record payload length is 511" \ + -s "768 bytes written in 2 fragments" + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 3 fragments" \ + "$P_SRV debug_level=3 force_version=tls13 response_size=1280" \ + "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 512" \ + 0 \ + -c "Preparing extension (Record Size Limit/28) for 'client hello'" \ + -c "Sending extension Record Size Limit/28 (2 bytes)" \ + -s "ClientHello: record_size_limit(28) extension received."\ + -s "found record_size_limit extension" \ + -s "RecordSizeLimit: 513 Bytes" \ + -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Maximum outgoing record payload length is 511" \ + -s "1280 bytes written in 3 fragments" + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (1024), 1 fragment" \ + "$P_SRV debug_level=3 force_version=tls13 response_size=512" \ + "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 1023" \ + 0 \ + -c "Preparing extension (Record Size Limit/28) for 'client hello'" \ + -c "Sending extension Record Size Limit/28 (2 bytes)" \ + -s "ClientHello: record_size_limit(28) extension received."\ + -s "found record_size_limit extension" \ + -s "RecordSizeLimit: 1024 Bytes" \ + -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Maximum outgoing record payload length is 1023" \ + -s "512 bytes written in 1 fragments" + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (1024), 2 fragments" \ + "$P_SRV debug_level=3 force_version=tls13 response_size=1536" \ + "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 1023" \ + 0 \ + -c "Preparing extension (Record Size Limit/28) for 'client hello'" \ + -c "Sending extension Record Size Limit/28 (2 bytes)" \ + -s "ClientHello: record_size_limit(28) extension received."\ + -s "found record_size_limit extension" \ + -s "RecordSizeLimit: 1024 Bytes" \ + -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Maximum outgoing record payload length is 1023" \ + -s "1536 bytes written in 2 fragments" + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (1024), 3 fragments" \ + "$P_SRV debug_level=3 force_version=tls13 response_size=2560" \ + "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 1023" \ + 0 \ + -c "Preparing extension (Record Size Limit/28) for 'client hello'" \ + -c "Sending extension Record Size Limit/28 (2 bytes)" \ + -s "ClientHello: record_size_limit(28) extension received."\ + -s "found record_size_limit extension" \ + -s "RecordSizeLimit: 1024 Bytes" \ + -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Maximum outgoing record payload length is 1023" \ + -s "2560 bytes written in 3 fragments" + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (4096), 1 fragment" \ + "$P_SRV debug_level=3 force_version=tls13 response_size=2048" \ + "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \ + 0 \ + -c "Preparing extension (Record Size Limit/28) for 'client hello'" \ + -c "Sending extension Record Size Limit/28 (2 bytes)" \ + -s "ClientHello: record_size_limit(28) extension received."\ + -s "found record_size_limit extension" \ + -s "RecordSizeLimit: 4096 Bytes" \ + -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Maximum outgoing record payload length is 4095" \ + -s "2048 bytes written in 1 fragments" + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (4096), 2 fragments" \ + "$P_SRV debug_level=3 force_version=tls13 response_size=6144" \ + "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \ + 0 \ + -c "Preparing extension (Record Size Limit/28) for 'client hello'" \ + -c "Sending extension Record Size Limit/28 (2 bytes)" \ + -s "ClientHello: record_size_limit(28) extension received."\ + -s "found record_size_limit extension" \ + -s "RecordSizeLimit: 4096 Bytes" \ + -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Maximum outgoing record payload length is 4095" \ + -s "6144 bytes written in 2 fragments" + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (4096), 3 fragments" \ + "$P_SRV debug_level=3 force_version=tls13 response_size=10240" \ + "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \ + 0 \ + -c "Preparing extension (Record Size Limit/28) for 'client hello'" \ + -c "Sending extension Record Size Limit/28 (2 bytes)" \ + -s "ClientHello: record_size_limit(28) extension received."\ + -s "found record_size_limit extension" \ + -s "RecordSizeLimit: 4096 Bytes" \ + -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Maximum outgoing record payload length is 4095" \ + -s "10240 bytes written in 3 fragments" # Tests for renegotiation