[gnutls-devel] DTLS max_fragment_length extension supported?
nmav at gnutls.org
Tue Dec 22 16:42:57 CET 2015
On Tue, Dec 22, 2015 at 7:23 AM, Peter Dettman
<peter.dettman at bouncycastle.org> wrote:
> I am testing a development build of the BouncyCastle DTLS client against
> the MacPorts build of GnuTLS (gnutls-serv 3.3.19).
> At first it was not connecting, the client dropping packets after the
> ServerHello for some reason. I eventually noticed that the client was
> requesting max_fragment_length extension, and the server was accepting
> it, agreeing on MaxFragmentLength.2^9(1). The client then appears to
> ignore the Certificate message as it is too large. (Without that
> extension, connections work fine).
> See attached capture of the handshake start, noting the ServerHello with
> max_fragment_length=1, and the Certificate message with Fragment Length 932.
> I have no particular need for this functionality, but I figured I'd
> report it, if only to get a second opinion on whether it's a bug in
> gnutls-serv specifically, in GnuTLS generally, or some error in code or
> understanding at my end.
Thank you for reporting that. It seems like an issue in the handling
of this extension under DTLS. I've opened an issue with your report
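
A check for the condition discussed in this thread, as an added example that is not part of the original messages and is not GnuTLS or BouncyCastle code: it walks the unencrypted DTLS records in one datagram and flags any whose length exceeds the limit for the negotiated max_fragment_length code (RFC 6066). The function names, the DTLS 1.2 version bytes and the sample record are constructed assumptions; only the code 1 (2^9) and the fragment length 932 come from the report.

```python
import struct

# RFC 6066 max_fragment_length codes -> limit on the record's plaintext fragment
MFL_LIMITS = {1: 2**9, 2: 2**10, 3: 2**11, 4: 2**12}
DEFAULT_LIMIT = 2**14   # limit when the extension is not negotiated
RECORD_HDR = 13         # type(1) version(2) epoch(2) sequence(6) length(2)
HS_HDR = 12             # type(1) length(3) msg_seq(2) frag_offset(3) frag_length(3)
HANDSHAKE, CERTIFICATE = 22, 11


def oversized_records(datagram, mfl_code=None):
    """Return one finding per plaintext record that is longer than the limit."""
    limit = MFL_LIMITS.get(mfl_code, DEFAULT_LIMIT)
    findings, off = [], 0
    while off < len(datagram):
        if len(datagram) - off < RECORD_HDR:
            raise ValueError("truncated record header")
        ctype, _version, epoch = struct.unpack_from("!BHH", datagram, off)
        (length,) = struct.unpack_from("!H", datagram, off + 11)
        body = datagram[off + RECORD_HDR:off + RECORD_HDR + length]
        if len(body) != length:
            raise ValueError("record length runs past end of datagram")
        # Only epoch 0 is checked: later epochs are encrypted, so their record
        # length includes cipher overhead and is not the plaintext length.
        if epoch == 0 and length > limit:
            finding = {"offset": off, "content_type": ctype,
                       "record_length": length, "limit": limit}
            if ctype == HANDSHAKE and length >= HS_HDR:
                finding["hs_type"] = body[0]
                finding["hs_fragment_length"] = int.from_bytes(body[9:12], "big")
            findings.append(finding)
        off += RECORD_HDR + length
    return findings


def build_handshake_record(hs_type, fragment, seq=0, msg_seq=0):
    """Constructed test input: one unencrypted DTLS 1.2 handshake record."""
    n = len(fragment).to_bytes(3, "big")
    hs = bytes([hs_type]) + n + struct.pack("!H", msg_seq) + b"\x00\x00\x00" + n + fragment
    header = struct.pack("!BHH", HANDSHAKE, 0xFEFD, 0) + seq.to_bytes(6, "big")
    return header + struct.pack("!H", len(hs)) + hs


# Constructed sample mirroring the report: a Certificate fragment of 932 bytes.
SAMPLE = build_handshake_record(CERTIFICATE, b"\x00" * 932, seq=1, msg_seq=1)

if __name__ == "__main__":
    for f in oversized_records(SAMPLE, mfl_code=1):
        print(f)
```

With code 1 the sample record is flagged (record length 944 against a limit of 512); with no extension negotiated it passes.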