[gnutls-devel] GnuTLS | Multiple issues with handling record_size_limit extension (#676)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Jan 18 14:04:35 CET 2019


the thing is that 64 is the explicit lower limit established in the RFC, so it's hard to claim compliance if that value will not be respected by GnuTLS if it is advertised  by the other side

> If we want `2**14+1` for TLS 1.3, it would require delaying the initialization after version negotiation.

but version negotiation should be the very first thing that you do, and anyway, in TLS 1.3 the limit applies only after ServerHello was prepared and encryption keys calculated, at that point you must know what version is negotiated

> For 5, does the 1/n-1 splitting in TLS 1.0 actually work without the extension?

I don't know, haven't checked it for some time, but there are tests that expect split ApplicationData in TLS 1.0 and earlier, e.g. `test-serverhello-random.py` (though they don't verify that the first appdata is exactly 1 byte long as that feature was added in the above quoted PR...)

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/676#note_132738626
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20190118/b92448c0/attachment.html>


More information about the Gnutls-devel mailing list