List:       gnutls-dev
Subject:    Re: [gnutls-devel] DTLS max_fragment_length extension supported?
From:       Nikos Mavrogiannopoulos <nmav () gnutls ! org>
Date:       2015-12-22 15:42:57
Message-ID: CAJU7za+4sJbMGWymk-HvQ0YJ8FLNi2LZ2x5RPwdYL3pzUw95CA () mail ! gmail ! com

On Tue, Dec 22, 2015 at 7:23 AM, Peter Dettman
<peter.dettman@bouncycastle.org> wrote:
> Hi,
> I am testing a development build of the BouncyCastle DTLS client against
> the MacPorts build of GnuTLS (gnutls-serv 3.3.19).
> At first it was not connecting, the client dropping packets after the
> ServerHello for some reason. I eventually noticed that the client was
> requesting max_fragment_length extension, and the server was accepting
> it, agreeing on MaxFragmentLength.2^9(1). The client then appears to
> ignore the Certificate message as it is too large. (Without that
> extension, connections work fine).
> See attached capture of the handshake start, noting the ServerHello with
> max_fragment_length=1, and the Certificate message with Fragment Length 932.
> I have no particular need for this functionality, but I figured I'd
> report it, if only to get a second opinion on whether it's a bug in
> gnutls-serv specifically, in GnuTLS generally, or some error in code or
> understanding at my end.

Thank you for reporting that. It seems like an issue in the handling
of this extension under DTLS. I've opened an issue with your report
at: https://gitlab.com/gnutls/gnutls/issues/61

regards,
Nikos
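
A check for the condition reported in this thread, as an added example that is not part of the original messages and is not GnuTLS or BouncyCastle code: it walks the DTLS records in one datagram and flags epoch-0 (plaintext) records longer than the limit selected by the negotiated max_fragment_length code from RFC 6066. The function names are hypothetical and the sample bytes are constructed, using only the sizes mentioned in the report.

```python
import struct

# RFC 6066 section 4: MaxFragmentLength code -> largest plaintext fragment in bytes.
MFL_LIMITS = {1: 2**9, 2: 2**10, 3: 2**11, 4: 2**12}
RECORD_HDR = 13      # type(1) version(2) epoch(2) sequence(6) length(2)
HANDSHAKE_HDR = 12   # msg_type(1) length(3) msg_seq(2) frag_offset(3) frag_length(3)
HANDSHAKE = 22       # record content type

def iter_records(datagram):
    """Yield (content_type, epoch, body) for every DTLS record in one datagram."""
    off = 0
    while off < len(datagram):
        if len(datagram) - off < RECORD_HDR:
            raise ValueError("truncated record header")
        ctype, _version, epoch = struct.unpack_from("!BHH", datagram, off)
        (length,) = struct.unpack_from("!H", datagram, off + 11)
        body = datagram[off + RECORD_HDR: off + RECORD_HDR + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        yield ctype, epoch, body
        off += RECORD_HDR + length

def oversized_records(datagram, mfl_code):
    """Return (msg_type, record_length, limit) for plaintext records over the limit."""
    limit = MFL_LIMITS[mfl_code]
    findings = []
    for ctype, epoch, body in iter_records(datagram):
        if epoch != 0 or len(body) <= limit:
            continue  # epoch > 0 is ciphertext; its length includes cipher overhead
        is_hs = ctype == HANDSHAKE and len(body) >= HANDSHAKE_HDR
        findings.append((body[0] if is_hs else None, len(body), limit))
    return findings

def sample_record(msg_type, frag_len, seq):
    """Constructed epoch-0 DTLS 1.2 handshake record with a zero-filled fragment."""
    n = frag_len.to_bytes(3, "big")
    hs = bytes([msg_type]) + n + struct.pack("!H", seq) + b"\x00\x00\x00" + n
    hdr = struct.pack("!BHH", HANDSHAKE, 0xFEFD, 0) + seq.to_bytes(6, "big")
    return hdr + struct.pack("!H", len(hs) + frag_len) + hs + bytes(frag_len)

# Constructed flight: a small ServerHello (2), then a Certificate (11) whose
# handshake fragment is 932 bytes, the size reported in the thread.
SAMPLE = sample_record(2, 80, 0) + sample_record(11, 932, 1)

if __name__ == "__main__":
    for msg_type, length, limit in oversized_records(SAMPLE, 1):
        print(f"handshake type {msg_type}: record of {length} bytes exceeds {limit}")
```

The record length counts the 12-byte DTLS handshake header plus the fragment, so a 932-byte fragment yields a 944-byte record.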
