Refer to the API documentation for details

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Gilles Peskine 2025-03-05 17:44:20 +01:00
parent 36edd48c61
commit 1b785e2201

@ -1,12 +1,7 @@
Bugfix Bugfix
* Support re-assembly of fragmented handshake messages in TLS, as mandated * Support re-assembly of fragmented handshake messages in TLS (both
by the spec. Lack of support was causing handshake failures with some 1.2 and 1.3). The lack of support was causing handshake failures with
servers, especially with TLS 1.3 in practice (though both protocol some servers, especially with TLS 1.3 in practice. There are a few
version could be affected in principle, and both are fixed now). limitations, notably a fragmented ClientHello is only supported when
The initial fragment for each handshake message must be at least 4 bytes. TLS 1.3 support is enabled. See the documentation of
mbedtls_ssl_conf_max_frag_len() for details.
Server-side, defragmentation of the ClientHello message is only
supported if the server accepts TLS 1.3 (regardless of whether the
ClientHello is 1.3 or 1.2). That is, servers configured (either
at compile time or at runtime) to only accept TLS 1.2 will
still fail the handshake if the ClientHello message is fragmented.
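Review bot: In the rewritten entry, "a fragmented ClientHello is only supported when TLS 1.3 support is enabled" is less precise than the paragraph it replaces, which said the limitation applies to servers restricted to TLS 1.2 "either at compile time or at runtime"; a reader could take "enabled" to mean the build option only and expect a runtime 1.2-only server to accept a fragmented ClientHello. The statement that the initial fragment of each handshake message must be at least 4 bytes also disappears from the changelog. Consider wording the limitation as "only supported on servers that accept TLS 1.3 (at compile time and at runtime)", and confirm that the 4-byte minimum is stated in the mbedtls_ssl_conf_max_frag_len() documentation that the entry now points to.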