[Help-gnutls] TLS message boundary
Rich Fought
whatever at fsrz.net
Thu Mar 2 18:39:20 CET 2006
From the TLS RFC (2246):
"6.2.1. Fragmentation
The record layer fragments information blocks into TLSPlaintext
records carrying data in chunks of 2^14 bytes or less. Client message
boundaries are not preserved in the record layer (i.e., multiple
client messages of the same ContentType may be coalesced into a
single TLSPlaintext record, or a single message may be fragmented
across several records)."
So the theoretical answer is no. In practice however, as you have
discovered, as long as you transmit a single data message per TLS_send
and that data message is less than 16k, you should be OK. The only
caveat being that there is a provision in the TLS Extensions RFC for
negotiating a smaller record size. This however is requested by the
client, and the server may opt not to satisfy the request.
Hope this helps,
Rich
________________________________
From: Ang Way Chuang [mailto:wcang at yahoo.com]
Sent: Wednesday, March 01, 2006 11:06 PM
To: Rich Fought; help-gnutls at gnu.org
Subject: RE: [Help-gnutls] TLS message boundary
> Seems like the data message boundary is still respected because none
> of the data is truncated/appended. The test is performed on the loopback
> interface. So is it 100% safe to assume gnutls_record_recv respects the
> data message boundary for an app that sends less than 16k? Please advise.
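
Since the RFC passage quoted in this thread says the record layer may coalesce or fragment messages, an application that needs boundaries can frame its own. The following is an added example, not part of the original thread or of GnuTLS: `mock_recv` is a constructed stand-in for `gnutls_record_recv`, and the 4-byte big-endian length prefix is an assumed framing format.

```c
#include <stdint.h>
#include <string.h>
#include <sys/types.h>

/* Constructed stand-in for a TLS session: hands back at most `chunk` bytes
 * per call, ignoring sender-side boundaries, as gnutls_record_recv may. */
struct mock_stream { const uint8_t *buf; size_t len, pos, chunk; };

static ssize_t mock_recv(struct mock_stream *s, void *out, size_t n) {
    size_t left = s->len - s->pos;
    if (n > s->chunk) n = s->chunk;
    if (n > left) n = left;
    memcpy(out, s->buf + s->pos, n);
    s->pos += n;
    return (ssize_t)n;                  /* 0 means end of stream */
}

/* Keep reading until exactly n bytes have arrived; -1 on EOF or error. */
static int recv_exact(struct mock_stream *s, uint8_t *out, size_t n) {
    size_t got = 0;
    while (got < n) {
        ssize_t r = mock_recv(s, out + got, n - got);
        if (r <= 0) return -1;
        got += (size_t)r;
    }
    return 0;
}

/* Read one message framed as a 4-byte big-endian length plus payload.
 * Returns the payload length, or -1 on truncation or if it exceeds cap. */
long recv_msg(struct mock_stream *s, uint8_t *out, size_t cap) {
    uint8_t h[4];
    if (recv_exact(s, h, 4) != 0) return -1;
    uint32_t len = ((uint32_t)h[0] << 24) | ((uint32_t)h[1] << 16)
                 | ((uint32_t)h[2] << 8) | h[3];
    if (len > cap) return -1;           /* bound the peer-supplied length */
    if (recv_exact(s, out, len) != 0) return -1;
    return (long)len;
}

/* Constructed wire data: two framed messages back to back. Returns 1 when
 * both are recovered intact and the stream then ends cleanly. */
int demo(size_t chunk) {
    static const uint8_t wire[] = {0,0,0,2,'h','i', 0,0,0,3,'t','l','s'};
    struct mock_stream s = { wire, sizeof wire, 0, chunk };
    uint8_t m[16];
    return recv_msg(&s, m, sizeof m) == 2 && memcmp(m, "hi", 2) == 0
        && recv_msg(&s, m, sizeof m) == 3 && memcmp(m, "tls", 3) == 0
        && recv_msg(&s, m, sizeof m) == -1;
}
int main(void) { return demo(5) ? 0 : 1; }
```

The same two messages are recovered whether the stream delivers one byte per read or everything at once, which is the property a receiver cannot get from a single receive call alone.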