[Help-gnutls] TLS message boundary

Rich Fought whatever at fsrz.net
Thu Mar 2 18:39:20 CET 2006

>From the TLS RFC (2246):
"6.2.1. Fragmentation

   The record layer fragments information blocks into TLSPlaintext
   records carrying data in chunks of 2^14 bytes or less. Client message
   boundaries are not preserved in the record layer (i.e., multiple
   client messages of the same ContentType may be coalesced into a
   single TLSPlaintext record, or a single message may be fragmented
   across several records)."

So the theoretical answer is no.  In practice however, as you have
as long as you transmit a single data message per TLS_send and that data
is less than 16k, you should be OK.  The only caveat being that there is
a provision in the TLS Extensions RFC for negotiating a smaller record size.
This however is requested by the client, and the server may opt not to
satisfy the request.

Hope this helps,


From: Ang Way Chuang [mailto:wcang at yahoo.com] 
Sent: Wednesday, March 01, 2006 11:06 PM
To: Rich Fought; help-gnutls at gnu.org
Subject: RE: [Help-gnutls] TLS message boundary

> Seems like data message boundary is still respected because none 
> of data are truncated/appended. The test is performed on loop back 
> interface. So is it 100% safe to assume gnutls_record_recv respect
> data message boundary for app that sends less than 16k? Please advise.

More information about the Gnutls-help mailing list