[gnutls-devel] DTLS max_fragment_length extension supported?

Nikos Mavrogiannopoulos nmav at gnutls.org
Tue Dec 22 16:42:57 CET 2015


On Tue, Dec 22, 2015 at 7:23 AM, Peter Dettman
<peter.dettman at bouncycastle.org> wrote:
> Hi,
> I am testing a development build of the BouncyCastle DTLS client against
> the MacPorts build of GnuTLS (gnutls-serv 3.3.19).
> At first it was not connecting, the client dropping packets after the
> ServerHello for some reason. I eventually noticed that the client was
> requesting max_fragment_length extension, and the server was accepting
> it, agreeing on MaxFragmentLength.2^9(1). The client then appears to
> ignore the Certificate message as it is too large. (Without that
> extension, connections work fine).
> See attached capture of the handshake start, noting the ServerHello with
> max_fragment_length=1, and the Certificate message with Fragment Length 932.
> I have no particular need for this functionality, but I figured I'd
> report it, if only to get a second opinion on whether it's a bug in
> gnutls-serv specifically, in GnuTLS generally, or some error in code or
> understanding at my end.

Thank you for reporting that. It seems like an issue in the handling
of this extension under DTLS. I've opened an issue with your report
at: https://gitlab.com/gnutls/gnutls/issues/61

regards,
Nikos



More information about the Gnutls-devel mailing list