Merge pull request #4382 from hanno-arm/max_record_payload_api
Remove MFL query API and add API for maximum plaintext size of incoming records
commit
16fdab79a5
9
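--- a/ChangeLog.d/max-record-payload-api.txt
+++ b/ChangeLog.d/max-record-payload-api.txt
@@ -0,0 +1,9 @@
+API changes
+* Remove the SSL APIs mbedtls_ssl_get_input_max_frag_len() and
+mbedtls_ssl_get_output_max_frag_len(), and add a new API
+mbedtls_ssl_get_max_in_record_payload(), complementing the existing
+mbedtls_ssl_get_max_out_record_payload().
+Uses of mbedtls_ssl_get_input_max_frag_len() and
+mbedtls_ssl_get_input_max_frag_len() should be replaced by
+mbedtls_ssl_get_max_in_record_payload() and
+mbedtls_ssl_get_max_out_record_payload(), respectively.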
11
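--- a/docs/3.0-migration-guide.d/max-record-payload-api.md
+++ b/docs/3.0-migration-guide.d/max-record-payload-api.md
@@ -0,0 +1,11 @@
+Remove MaximumFragmentLength (MFL) query API
+-----------------------------------------------------------------
+
+This affects users which use the MFL query APIs
+`mbedtls_ssl_get_{input,output}_max_frag_len()` to
+infer upper bounds on the plaintext size of incoming and
+outgoing record.
+
+Users should switch to `mbedtls_ssl_get_max_{in,out}_record_payload()`
+instead, which also provides such upper bounds but takes more factors
+than just the MFL configuration into account.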
@ -50,7 +50,9 @@ The function `mbedtls_ssl_conf_dh_param()` was removed. Please use
|
|||||||
`mbedtls_ssl_conf_dh_param_bin()` or `mbedtls_ssl_conf_dh_param_ctx()` instead.
|
`mbedtls_ssl_conf_dh_param_bin()` or `mbedtls_ssl_conf_dh_param_ctx()` instead.
|
||||||
|
|
||||||
The function `mbedtls_ssl_get_max_frag_len()` was removed. Please use
|
The function `mbedtls_ssl_get_max_frag_len()` was removed. Please use
|
||||||
`mbedtls_ssl_get_output_max_frag_len()` instead.
|
`mbedtls_ssl_get_max_out_record_payload()` and
|
||||||
|
`mbedtls_ssl_get_max_in_record_payload()`
|
||||||
|
instead.
|
||||||
|
|
||||||
Deprecated hex-encoded primes were removed from DHM
|
Deprecated hex-encoded primes were removed from DHM
|
||||||
---------------------------------------------------
|
---------------------------------------------------
|
||||||
|
@ -3536,45 +3536,15 @@ const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl );
|
|||||||
*/
|
*/
|
||||||
int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl );
|
int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
|
||||||
/**
|
|
||||||
* \brief Return the maximum fragment length (payload, in bytes) for
|
|
||||||
* the output buffer. For the client, this is the configured
|
|
||||||
* value. For the server, it is the minimum of two - the
|
|
||||||
* configured value and the negotiated one.
|
|
||||||
*
|
|
||||||
* \sa mbedtls_ssl_conf_max_frag_len()
|
|
||||||
* \sa mbedtls_ssl_get_max_record_payload()
|
|
||||||
*
|
|
||||||
* \param ssl SSL context
|
|
||||||
*
|
|
||||||
* \return Current maximum fragment length for the output buffer.
|
|
||||||
*/
|
|
||||||
size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl );
|
|
||||||
|
|
||||||
/**
|
|
||||||
* \brief Return the maximum fragment length (payload, in bytes) for
|
|
||||||
* the input buffer. This is the negotiated maximum fragment
|
|
||||||
* length, or, if there is none, MBEDTLS_SSL_IN_CONTENT_LEN.
|
|
||||||
* If it is not defined either, the value is 2^14. This function
|
|
||||||
* works as its predecessor, \c mbedtls_ssl_get_max_frag_len().
|
|
||||||
*
|
|
||||||
* \sa mbedtls_ssl_conf_max_frag_len()
|
|
||||||
* \sa mbedtls_ssl_get_max_record_payload()
|
|
||||||
*
|
|
||||||
* \param ssl SSL context
|
|
||||||
*
|
|
||||||
* \return Current maximum fragment length for the output buffer.
|
|
||||||
*/
|
|
||||||
size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl );
|
|
||||||
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Return the current maximum outgoing record payload in bytes.
|
* \brief Return the current maximum outgoing record payload in bytes.
|
||||||
* This takes into account the config.h setting \c
|
*
|
||||||
* MBEDTLS_SSL_OUT_CONTENT_LEN, the configured and negotiated
|
* \note The logic to determine the maximum outgoing record payload is
|
||||||
* max fragment length extension if used, and for DTLS the
|
* version-specific. It takes into account various factors, such as
|
||||||
* path MTU as configured and current record expansion.
|
* the config.h setting \c MBEDTLS_SSL_OUT_CONTENT_LEN, extensions
|
||||||
|
* such as the max fragment length or record size limit extension if
|
||||||
|
* used, and for DTLS the path MTU as configured and current
|
||||||
|
* record expansion.
|
||||||
*
|
*
|
||||||
* \note With DTLS, \c mbedtls_ssl_write() will return an error if
|
* \note With DTLS, \c mbedtls_ssl_write() will return an error if
|
||||||
* called with a larger length value.
|
* called with a larger length value.
|
||||||
@ -3583,9 +3553,7 @@ size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl );
|
|||||||
* to the caller to call \c mbedtls_ssl_write() again in
|
* to the caller to call \c mbedtls_ssl_write() again in
|
||||||
* order to send the remaining bytes if any.
|
* order to send the remaining bytes if any.
|
||||||
*
|
*
|
||||||
* \sa mbedtls_ssl_set_mtu()
|
* \sa mbedtls_ssl_get_max_out_record_payload()
|
||||||
* \sa mbedtls_ssl_get_output_max_frag_len()
|
|
||||||
* \sa mbedtls_ssl_get_input_max_frag_len()
|
|
||||||
* \sa mbedtls_ssl_get_record_expansion()
|
* \sa mbedtls_ssl_get_record_expansion()
|
||||||
*
|
*
|
||||||
* \param ssl SSL context
|
* \param ssl SSL context
|
||||||
@ -3595,6 +3563,26 @@ size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl );
|
|||||||
*/
|
*/
|
||||||
int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl );
|
int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl );
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \brief Return the current maximum incoming record payload in bytes.
|
||||||
|
*
|
||||||
|
* \note The logic to determine the maximum outgoing record payload is
|
||||||
|
* version-specific. It takes into account various factors, such as
|
||||||
|
* the config.h setting \c MBEDTLS_SSL_IN_CONTENT_LEN, extensions
|
||||||
|
* such as the max fragment length extension or record size limit
|
||||||
|
* extension if used, and the current record expansion.
|
||||||
|
*
|
||||||
|
* \sa mbedtls_ssl_set_mtu()
|
||||||
|
* \sa mbedtls_ssl_get_max_in_record_payload()
|
||||||
|
* \sa mbedtls_ssl_get_record_expansion()
|
||||||
|
*
|
||||||
|
* \param ssl SSL context
|
||||||
|
*
|
||||||
|
* \return Current maximum payload for an outgoing record,
|
||||||
|
* or a negative error code.
|
||||||
|
*/
|
||||||
|
int mbedtls_ssl_get_max_in_record_payload( const mbedtls_ssl_context *ssl );
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||||
/**
|
/**
|
||||||
* \brief Return the peer certificate from the current connection.
|
* \brief Return the peer certificate from the current connection.
|
||||||
@ -3893,7 +3881,7 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
|||||||
* or negotiated with the peer), then:
|
* or negotiated with the peer), then:
|
||||||
* - with TLS, less bytes than requested are written.
|
* - with TLS, less bytes than requested are written.
|
||||||
* - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned.
|
* - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned.
|
||||||
* \c mbedtls_ssl_get_output_max_frag_len() may be used to
|
* \c mbedtls_ssl_get_max_out_record_payload() may be used to
|
||||||
* query the active maximum fragment length.
|
* query the active maximum fragment length.
|
||||||
*
|
*
|
||||||
* \note Attempting to write 0 bytes will result in an empty TLS
|
* \note Attempting to write 0 bytes will result in an empty TLS
|
||||||
|
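Review bot: The Doxygen block added for `mbedtls_ssl_get_max_in_record_payload()` in the hunk at `@ -3595,6 +3563,26 @@` still describes the outgoing direction: its `\note` speaks of the "maximum outgoing record payload", its `\return` of "an outgoing record", and its `\sa` list names the function itself. The migration guide tells callers to use this value as the upper bound on incoming plaintext, so the text should read `\note The logic to determine the maximum incoming record payload is version-specific.` and `\return Current maximum payload for an incoming record, or a negative error code.`, with `\sa mbedtls_ssl_get_max_out_record_payload()` as the cross-reference. The note also lists the record size limit extension and the current record expansion as inputs, while the implementation added in this commit only takes the smaller of `MBEDTLS_SSL_IN_CONTENT_LEN` and the maximum fragment length. Either drop those two factors from the note or state that they are not yet taken into account, so that nobody sizes a receive buffer on a bound the code does not compute.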
@ -255,6 +255,39 @@
|
|||||||
+ ( MBEDTLS_SSL_CID_OUT_LEN_MAX ) )
|
+ ( MBEDTLS_SSL_CID_OUT_LEN_MAX ) )
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||||
|
/**
|
||||||
|
* \brief Return the maximum fragment length (payload, in bytes) for
|
||||||
|
* the output buffer. For the client, this is the configured
|
||||||
|
* value. For the server, it is the minimum of two - the
|
||||||
|
* configured value and the negotiated one.
|
||||||
|
*
|
||||||
|
* \sa mbedtls_ssl_conf_max_frag_len()
|
||||||
|
* \sa mbedtls_ssl_get_max_out_record_payload()
|
||||||
|
*
|
||||||
|
* \param ssl SSL context
|
||||||
|
*
|
||||||
|
* \return Current maximum fragment length for the output buffer.
|
||||||
|
*/
|
||||||
|
size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl );
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \brief Return the maximum fragment length (payload, in bytes) for
|
||||||
|
* the input buffer. This is the negotiated maximum fragment
|
||||||
|
* length, or, if there is none, MBEDTLS_SSL_IN_CONTENT_LEN.
|
||||||
|
* If it is not defined either, the value is 2^14. This function
|
||||||
|
* works as its predecessor, \c mbedtls_ssl_get_max_frag_len().
|
||||||
|
*
|
||||||
|
* \sa mbedtls_ssl_conf_max_frag_len()
|
||||||
|
* \sa mbedtls_ssl_get_max_in_record_payload()
|
||||||
|
*
|
||||||
|
* \param ssl SSL context
|
||||||
|
*
|
||||||
|
* \return Current maximum fragment length for the output buffer.
|
||||||
|
*/
|
||||||
|
size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl );
|
||||||
|
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
|
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
|
||||||
static inline size_t mbedtls_ssl_get_output_buflen( const mbedtls_ssl_context *ctx )
|
static inline size_t mbedtls_ssl_get_output_buflen( const mbedtls_ssl_context *ctx )
|
||||||
{
|
{
|
||||||
|
@ -4427,6 +4427,24 @@ int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl )
|
|||||||
return( (int) max_len );
|
return( (int) max_len );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int mbedtls_ssl_get_max_in_record_payload( const mbedtls_ssl_context *ssl )
|
||||||
|
{
|
||||||
|
size_t max_len = MBEDTLS_SSL_IN_CONTENT_LEN;
|
||||||
|
|
||||||
|
#if !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||||
|
(void) ssl;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||||
|
const size_t mfl = mbedtls_ssl_get_input_max_frag_len( ssl );
|
||||||
|
|
||||||
|
if( max_len > mfl )
|
||||||
|
max_len = mfl;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
return( (int) max_len );
|
||||||
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||||
const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl )
|
const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
|
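Review bot: The new `mbedtls_ssl_get_max_in_record_payload()` has no comment saying which bound it returns, and a caller sizing a receive buffer needs to know that. I would add `/* Upper bound on incoming plaintext: the input content length, capped by the input maximum fragment length when MFL support is built in. */` above `size_t max_len`. The two back-to-back preprocessor blocks test the same macro and could be a single `#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)` … `#else` … `#endif`, with `(void) ssl;` in the `#else` branch, so the unused-parameter cast sits next to the condition that makes it necessary. The function is complete within the hunk and every visible path returns `(int) max_len`, so the negative error code promised in the header is never produced here.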
@ -2021,10 +2021,10 @@ int main( int argc, char *argv[] )
|
|||||||
mbedtls_printf( " [ Record expansion is unknown ]\n" );
|
mbedtls_printf( " [ Record expansion is unknown ]\n" );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||||
mbedtls_printf( " [ Maximum input fragment length is %u ]\n",
|
mbedtls_printf( " [ Maximum incoming record payload length is %u ]\n",
|
||||||
(unsigned int) mbedtls_ssl_get_input_max_frag_len( &ssl ) );
|
(unsigned int) mbedtls_ssl_get_max_in_record_payload( &ssl ) );
|
||||||
mbedtls_printf( " [ Maximum output fragment length is %u ]\n",
|
mbedtls_printf( " [ Maximum outgoing record payload length is %u ]\n",
|
||||||
(unsigned int) mbedtls_ssl_get_output_max_frag_len( &ssl ) );
|
(unsigned int) mbedtls_ssl_get_max_out_record_payload( &ssl ) );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_ALPN)
|
#if defined(MBEDTLS_SSL_ALPN)
|
||||||
|
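Review bot: The `(unsigned int)` casts kept on both `mbedtls_printf` arguments now wrap functions that return `int`, and the incoming variant is documented in this commit as able to return a negative error code. If that ever happens, the failure is printed as a very large length instead of being reported. Storing the result first and printing it only when it is non-negative, e.g. `int in_len = mbedtls_ssl_get_max_in_record_payload( &ssl );` followed by `if( in_len >= 0 )` around the print, keeps the diagnostic output truthful. The same pattern appears in the following hunk at `@ -3066,10 +3066,10 @@ handshake:`. The enclosing function starts and ends outside both hunks.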
@ -3066,10 +3066,10 @@ handshake:
|
|||||||
mbedtls_printf( " [ Record expansion is unknown ]\n" );
|
mbedtls_printf( " [ Record expansion is unknown ]\n" );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||||
mbedtls_printf( " [ Maximum input fragment length is %u ]\n",
|
mbedtls_printf( " [ Maximum incoming record payload length is %u ]\n",
|
||||||
(unsigned int) mbedtls_ssl_get_input_max_frag_len( &ssl ) );
|
(unsigned int) mbedtls_ssl_get_max_in_record_payload( &ssl ) );
|
||||||
mbedtls_printf( " [ Maximum output fragment length is %u ]\n",
|
mbedtls_printf( " [ Maximum outgoing record payload length is %u ]\n",
|
||||||
(unsigned int) mbedtls_ssl_get_output_max_frag_len( &ssl ) );
|
(unsigned int) mbedtls_ssl_get_max_out_record_payload( &ssl ) );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_ALPN)
|
#if defined(MBEDTLS_SSL_ALPN)
|
||||||
|
188
tests/ssl-opt.sh
188
tests/ssl-opt.sh
@ -2872,10 +2872,10 @@ run_test "Max fragment length: enabled, default" \
|
|||||||
"$P_SRV debug_level=3" \
|
"$P_SRV debug_level=3" \
|
||||||
"$P_CLI debug_level=3" \
|
"$P_CLI debug_level=3" \
|
||||||
0 \
|
0 \
|
||||||
-c "Maximum input fragment length is $MAX_CONTENT_LEN" \
|
-c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
|
||||||
-c "Maximum output fragment length is $MAX_CONTENT_LEN" \
|
-c "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
|
||||||
-s "Maximum input fragment length is $MAX_CONTENT_LEN" \
|
-s "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
|
||||||
-s "Maximum output fragment length is $MAX_CONTENT_LEN" \
|
-s "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
|
||||||
-C "client hello, adding max_fragment_length extension" \
|
-C "client hello, adding max_fragment_length extension" \
|
||||||
-S "found max fragment length extension" \
|
-S "found max fragment length extension" \
|
||||||
-S "server hello, max_fragment_length extension" \
|
-S "server hello, max_fragment_length extension" \
|
||||||
@ -2886,10 +2886,10 @@ run_test "Max fragment length: enabled, default, larger message" \
|
|||||||
"$P_SRV debug_level=3" \
|
"$P_SRV debug_level=3" \
|
||||||
"$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
|
"$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
|
||||||
0 \
|
0 \
|
||||||
-c "Maximum input fragment length is $MAX_CONTENT_LEN" \
|
-c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
|
||||||
-c "Maximum output fragment length is $MAX_CONTENT_LEN" \
|
-c "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
|
||||||
-s "Maximum input fragment length is $MAX_CONTENT_LEN" \
|
-s "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
|
||||||
-s "Maximum output fragment length is $MAX_CONTENT_LEN" \
|
-s "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
|
||||||
-C "client hello, adding max_fragment_length extension" \
|
-C "client hello, adding max_fragment_length extension" \
|
||||||
-S "found max fragment length extension" \
|
-S "found max fragment length extension" \
|
||||||
-S "server hello, max_fragment_length extension" \
|
-S "server hello, max_fragment_length extension" \
|
||||||
@ -2903,10 +2903,10 @@ run_test "Max fragment length, DTLS: enabled, default, larger message" \
|
|||||||
"$P_SRV debug_level=3 dtls=1" \
|
"$P_SRV debug_level=3 dtls=1" \
|
||||||
"$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
|
"$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
|
||||||
1 \
|
1 \
|
||||||
-c "Maximum input fragment length is $MAX_CONTENT_LEN" \
|
-c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
|
||||||
-c "Maximum output fragment length is $MAX_CONTENT_LEN" \
|
-c "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
|
||||||
-s "Maximum input fragment length is $MAX_CONTENT_LEN" \
|
-s "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
|
||||||
-s "Maximum output fragment length is $MAX_CONTENT_LEN" \
|
-s "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
|
||||||
-C "client hello, adding max_fragment_length extension" \
|
-C "client hello, adding max_fragment_length extension" \
|
||||||
-S "found max fragment length extension" \
|
-S "found max fragment length extension" \
|
||||||
-S "server hello, max_fragment_length extension" \
|
-S "server hello, max_fragment_length extension" \
|
||||||
@ -2922,10 +2922,10 @@ run_test "Max fragment length: disabled, larger message" \
|
|||||||
"$P_SRV debug_level=3" \
|
"$P_SRV debug_level=3" \
|
||||||
"$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
|
"$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
|
||||||
0 \
|
0 \
|
||||||
-C "Maximum input fragment length is 16384" \
|
-C "Maximum incoming record payload length is 16384" \
|
||||||
-C "Maximum output fragment length is 16384" \
|
-C "Maximum outgoing record payload length is 16384" \
|
||||||
-S "Maximum input fragment length is 16384" \
|
-S "Maximum incoming record payload length is 16384" \
|
||||||
-S "Maximum output fragment length is 16384" \
|
-S "Maximum outgoing record payload length is 16384" \
|
||||||
-c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments" \
|
-c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments" \
|
||||||
-s "$MAX_CONTENT_LEN bytes read" \
|
-s "$MAX_CONTENT_LEN bytes read" \
|
||||||
-s "1 bytes read"
|
-s "1 bytes read"
|
||||||
@ -2935,10 +2935,10 @@ run_test "Max fragment length DTLS: disabled, larger message" \
|
|||||||
"$P_SRV debug_level=3 dtls=1" \
|
"$P_SRV debug_level=3 dtls=1" \
|
||||||
"$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
|
"$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
|
||||||
1 \
|
1 \
|
||||||
-C "Maximum input fragment length is 16384" \
|
-C "Maximum incoming record payload length is 16384" \
|
||||||
-C "Maximum output fragment length is 16384" \
|
-C "Maximum outgoing record payload length is 16384" \
|
||||||
-S "Maximum input fragment length is 16384" \
|
-S "Maximum incoming record payload length is 16384" \
|
||||||
-S "Maximum output fragment length is 16384" \
|
-S "Maximum outgoing record payload length is 16384" \
|
||||||
-c "fragment larger than.*maximum "
|
-c "fragment larger than.*maximum "
|
||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
@ -2946,10 +2946,10 @@ run_test "Max fragment length: used by client" \
|
|||||||
"$P_SRV debug_level=3" \
|
"$P_SRV debug_level=3" \
|
||||||
"$P_CLI debug_level=3 max_frag_len=4096" \
|
"$P_CLI debug_level=3 max_frag_len=4096" \
|
||||||
0 \
|
0 \
|
||||||
-c "Maximum input fragment length is 4096" \
|
-c "Maximum incoming record payload length is 4096" \
|
||||||
-c "Maximum output fragment length is 4096" \
|
-c "Maximum outgoing record payload length is 4096" \
|
||||||
-s "Maximum input fragment length is 4096" \
|
-s "Maximum incoming record payload length is 4096" \
|
||||||
-s "Maximum output fragment length is 4096" \
|
-s "Maximum outgoing record payload length is 4096" \
|
||||||
-c "client hello, adding max_fragment_length extension" \
|
-c "client hello, adding max_fragment_length extension" \
|
||||||
-s "found max fragment length extension" \
|
-s "found max fragment length extension" \
|
||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
@ -2960,10 +2960,10 @@ run_test "Max fragment length: client 512, server 1024" \
|
|||||||
"$P_SRV debug_level=3 max_frag_len=1024" \
|
"$P_SRV debug_level=3 max_frag_len=1024" \
|
||||||
"$P_CLI debug_level=3 max_frag_len=512" \
|
"$P_CLI debug_level=3 max_frag_len=512" \
|
||||||
0 \
|
0 \
|
||||||
-c "Maximum input fragment length is 512" \
|
-c "Maximum incoming record payload length is 512" \
|
||||||
-c "Maximum output fragment length is 512" \
|
-c "Maximum outgoing record payload length is 512" \
|
||||||
-s "Maximum input fragment length is 512" \
|
-s "Maximum incoming record payload length is 512" \
|
||||||
-s "Maximum output fragment length is 512" \
|
-s "Maximum outgoing record payload length is 512" \
|
||||||
-c "client hello, adding max_fragment_length extension" \
|
-c "client hello, adding max_fragment_length extension" \
|
||||||
-s "found max fragment length extension" \
|
-s "found max fragment length extension" \
|
||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
@ -2974,10 +2974,10 @@ run_test "Max fragment length: client 512, server 2048" \
|
|||||||
"$P_SRV debug_level=3 max_frag_len=2048" \
|
"$P_SRV debug_level=3 max_frag_len=2048" \
|
||||||
"$P_CLI debug_level=3 max_frag_len=512" \
|
"$P_CLI debug_level=3 max_frag_len=512" \
|
||||||
0 \
|
0 \
|
||||||
-c "Maximum input fragment length is 512" \
|
-c "Maximum incoming record payload length is 512" \
|
||||||
-c "Maximum output fragment length is 512" \
|
-c "Maximum outgoing record payload length is 512" \
|
||||||
-s "Maximum input fragment length is 512" \
|
-s "Maximum incoming record payload length is 512" \
|
||||||
-s "Maximum output fragment length is 512" \
|
-s "Maximum outgoing record payload length is 512" \
|
||||||
-c "client hello, adding max_fragment_length extension" \
|
-c "client hello, adding max_fragment_length extension" \
|
||||||
-s "found max fragment length extension" \
|
-s "found max fragment length extension" \
|
||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
@ -2988,10 +2988,10 @@ run_test "Max fragment length: client 512, server 4096" \
|
|||||||
"$P_SRV debug_level=3 max_frag_len=4096" \
|
"$P_SRV debug_level=3 max_frag_len=4096" \
|
||||||
"$P_CLI debug_level=3 max_frag_len=512" \
|
"$P_CLI debug_level=3 max_frag_len=512" \
|
||||||
0 \
|
0 \
|
||||||
-c "Maximum input fragment length is 512" \
|
-c "Maximum incoming record payload length is 512" \
|
||||||
-c "Maximum output fragment length is 512" \
|
-c "Maximum outgoing record payload length is 512" \
|
||||||
-s "Maximum input fragment length is 512" \
|
-s "Maximum incoming record payload length is 512" \
|
||||||
-s "Maximum output fragment length is 512" \
|
-s "Maximum outgoing record payload length is 512" \
|
||||||
-c "client hello, adding max_fragment_length extension" \
|
-c "client hello, adding max_fragment_length extension" \
|
||||||
-s "found max fragment length extension" \
|
-s "found max fragment length extension" \
|
||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
@ -3002,10 +3002,10 @@ run_test "Max fragment length: client 1024, server 512" \
|
|||||||
"$P_SRV debug_level=3 max_frag_len=512" \
|
"$P_SRV debug_level=3 max_frag_len=512" \
|
||||||
"$P_CLI debug_level=3 max_frag_len=1024" \
|
"$P_CLI debug_level=3 max_frag_len=1024" \
|
||||||
0 \
|
0 \
|
||||||
-c "Maximum input fragment length is 1024" \
|
-c "Maximum incoming record payload length is 1024" \
|
||||||
-c "Maximum output fragment length is 1024" \
|
-c "Maximum outgoing record payload length is 1024" \
|
||||||
-s "Maximum input fragment length is 1024" \
|
-s "Maximum incoming record payload length is 1024" \
|
||||||
-s "Maximum output fragment length is 512" \
|
-s "Maximum outgoing record payload length is 512" \
|
||||||
-c "client hello, adding max_fragment_length extension" \
|
-c "client hello, adding max_fragment_length extension" \
|
||||||
-s "found max fragment length extension" \
|
-s "found max fragment length extension" \
|
||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
@ -3016,10 +3016,10 @@ run_test "Max fragment length: client 1024, server 2048" \
|
|||||||
"$P_SRV debug_level=3 max_frag_len=2048" \
|
"$P_SRV debug_level=3 max_frag_len=2048" \
|
||||||
"$P_CLI debug_level=3 max_frag_len=1024" \
|
"$P_CLI debug_level=3 max_frag_len=1024" \
|
||||||
0 \
|
0 \
|
||||||
-c "Maximum input fragment length is 1024" \
|
-c "Maximum incoming record payload length is 1024" \
|
||||||
-c "Maximum output fragment length is 1024" \
|
-c "Maximum outgoing record payload length is 1024" \
|
||||||
-s "Maximum input fragment length is 1024" \
|
-s "Maximum incoming record payload length is 1024" \
|
||||||
-s "Maximum output fragment length is 1024" \
|
-s "Maximum outgoing record payload length is 1024" \
|
||||||
-c "client hello, adding max_fragment_length extension" \
|
-c "client hello, adding max_fragment_length extension" \
|
||||||
-s "found max fragment length extension" \
|
-s "found max fragment length extension" \
|
||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
@ -3030,10 +3030,10 @@ run_test "Max fragment length: client 1024, server 4096" \
|
|||||||
"$P_SRV debug_level=3 max_frag_len=4096" \
|
"$P_SRV debug_level=3 max_frag_len=4096" \
|
||||||
"$P_CLI debug_level=3 max_frag_len=1024" \
|
"$P_CLI debug_level=3 max_frag_len=1024" \
|
||||||
0 \
|
0 \
|
||||||
-c "Maximum input fragment length is 1024" \
|
-c "Maximum incoming record payload length is 1024" \
|
||||||
-c "Maximum output fragment length is 1024" \
|
-c "Maximum outgoing record payload length is 1024" \
|
||||||
-s "Maximum input fragment length is 1024" \
|
-s "Maximum incoming record payload length is 1024" \
|
||||||
-s "Maximum output fragment length is 1024" \
|
-s "Maximum outgoing record payload length is 1024" \
|
||||||
-c "client hello, adding max_fragment_length extension" \
|
-c "client hello, adding max_fragment_length extension" \
|
||||||
-s "found max fragment length extension" \
|
-s "found max fragment length extension" \
|
||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
@ -3044,10 +3044,10 @@ run_test "Max fragment length: client 2048, server 512" \
|
|||||||
"$P_SRV debug_level=3 max_frag_len=512" \
|
"$P_SRV debug_level=3 max_frag_len=512" \
|
||||||
"$P_CLI debug_level=3 max_frag_len=2048" \
|
"$P_CLI debug_level=3 max_frag_len=2048" \
|
||||||
0 \
|
0 \
|
||||||
-c "Maximum input fragment length is 2048" \
|
-c "Maximum incoming record payload length is 2048" \
|
||||||
-c "Maximum output fragment length is 2048" \
|
-c "Maximum outgoing record payload length is 2048" \
|
||||||
-s "Maximum input fragment length is 2048" \
|
-s "Maximum incoming record payload length is 2048" \
|
||||||
-s "Maximum output fragment length is 512" \
|
-s "Maximum outgoing record payload length is 512" \
|
||||||
-c "client hello, adding max_fragment_length extension" \
|
-c "client hello, adding max_fragment_length extension" \
|
||||||
-s "found max fragment length extension" \
|
-s "found max fragment length extension" \
|
||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
@ -3058,10 +3058,10 @@ run_test "Max fragment length: client 2048, server 1024" \
|
|||||||
"$P_SRV debug_level=3 max_frag_len=1024" \
|
"$P_SRV debug_level=3 max_frag_len=1024" \
|
||||||
"$P_CLI debug_level=3 max_frag_len=2048" \
|
"$P_CLI debug_level=3 max_frag_len=2048" \
|
||||||
0 \
|
0 \
|
||||||
-c "Maximum input fragment length is 2048" \
|
-c "Maximum incoming record payload length is 2048" \
|
||||||
-c "Maximum output fragment length is 2048" \
|
-c "Maximum outgoing record payload length is 2048" \
|
||||||
-s "Maximum input fragment length is 2048" \
|
-s "Maximum incoming record payload length is 2048" \
|
||||||
-s "Maximum output fragment length is 1024" \
|
-s "Maximum outgoing record payload length is 1024" \
|
||||||
-c "client hello, adding max_fragment_length extension" \
|
-c "client hello, adding max_fragment_length extension" \
|
||||||
-s "found max fragment length extension" \
|
-s "found max fragment length extension" \
|
||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
@ -3072,10 +3072,10 @@ run_test "Max fragment length: client 2048, server 4096" \
|
|||||||
"$P_SRV debug_level=3 max_frag_len=4096" \
|
"$P_SRV debug_level=3 max_frag_len=4096" \
|
||||||
"$P_CLI debug_level=3 max_frag_len=2048" \
|
"$P_CLI debug_level=3 max_frag_len=2048" \
|
||||||
0 \
|
0 \
|
||||||
-c "Maximum input fragment length is 2048" \
|
-c "Maximum incoming record payload length is 2048" \
|
||||||
-c "Maximum output fragment length is 2048" \
|
-c "Maximum outgoing record payload length is 2048" \
|
||||||
-s "Maximum input fragment length is 2048" \
|
-s "Maximum incoming record payload length is 2048" \
|
||||||
-s "Maximum output fragment length is 2048" \
|
-s "Maximum outgoing record payload length is 2048" \
|
||||||
-c "client hello, adding max_fragment_length extension" \
|
-c "client hello, adding max_fragment_length extension" \
|
||||||
-s "found max fragment length extension" \
|
-s "found max fragment length extension" \
|
||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
@ -3086,10 +3086,10 @@ run_test "Max fragment length: client 4096, server 512" \
|
|||||||
"$P_SRV debug_level=3 max_frag_len=512" \
|
"$P_SRV debug_level=3 max_frag_len=512" \
|
||||||
"$P_CLI debug_level=3 max_frag_len=4096" \
|
"$P_CLI debug_level=3 max_frag_len=4096" \
|
||||||
0 \
|
0 \
|
||||||
-c "Maximum input fragment length is 4096" \
|
-c "Maximum incoming record payload length is 4096" \
|
||||||
-c "Maximum output fragment length is 4096" \
|
-c "Maximum outgoing record payload length is 4096" \
|
||||||
-s "Maximum input fragment length is 4096" \
|
-s "Maximum incoming record payload length is 4096" \
|
||||||
-s "Maximum output fragment length is 512" \
|
-s "Maximum outgoing record payload length is 512" \
|
||||||
-c "client hello, adding max_fragment_length extension" \
|
-c "client hello, adding max_fragment_length extension" \
|
||||||
-s "found max fragment length extension" \
|
-s "found max fragment length extension" \
|
||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
@ -3100,10 +3100,10 @@ run_test "Max fragment length: client 4096, server 1024" \
|
|||||||
"$P_SRV debug_level=3 max_frag_len=1024" \
|
"$P_SRV debug_level=3 max_frag_len=1024" \
|
||||||
"$P_CLI debug_level=3 max_frag_len=4096" \
|
"$P_CLI debug_level=3 max_frag_len=4096" \
|
||||||
0 \
|
0 \
|
||||||
-c "Maximum input fragment length is 4096" \
|
-c "Maximum incoming record payload length is 4096" \
|
||||||
-c "Maximum output fragment length is 4096" \
|
-c "Maximum outgoing record payload length is 4096" \
|
||||||
-s "Maximum input fragment length is 4096" \
|
-s "Maximum incoming record payload length is 4096" \
|
||||||
-s "Maximum output fragment length is 1024" \
|
-s "Maximum outgoing record payload length is 1024" \
|
||||||
-c "client hello, adding max_fragment_length extension" \
|
-c "client hello, adding max_fragment_length extension" \
|
||||||
-s "found max fragment length extension" \
|
-s "found max fragment length extension" \
|
||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
@ -3114,10 +3114,10 @@ run_test "Max fragment length: client 4096, server 2048" \
|
|||||||
"$P_SRV debug_level=3 max_frag_len=2048" \
|
"$P_SRV debug_level=3 max_frag_len=2048" \
|
||||||
"$P_CLI debug_level=3 max_frag_len=4096" \
|
"$P_CLI debug_level=3 max_frag_len=4096" \
|
||||||
0 \
|
0 \
|
||||||
-c "Maximum input fragment length is 4096" \
|
-c "Maximum incoming record payload length is 4096" \
|
||||||
-c "Maximum output fragment length is 4096" \
|
-c "Maximum outgoing record payload length is 4096" \
|
||||||
-s "Maximum input fragment length is 4096" \
|
-s "Maximum incoming record payload length is 4096" \
|
||||||
-s "Maximum output fragment length is 2048" \
|
-s "Maximum outgoing record payload length is 2048" \
|
||||||
-c "client hello, adding max_fragment_length extension" \
|
-c "client hello, adding max_fragment_length extension" \
|
||||||
-s "found max fragment length extension" \
|
-s "found max fragment length extension" \
|
||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
@ -3128,10 +3128,10 @@ run_test "Max fragment length: used by server" \
|
|||||||
"$P_SRV debug_level=3 max_frag_len=4096" \
|
"$P_SRV debug_level=3 max_frag_len=4096" \
|
||||||
"$P_CLI debug_level=3" \
|
"$P_CLI debug_level=3" \
|
||||||
0 \
|
0 \
|
||||||
-c "Maximum input fragment length is $MAX_CONTENT_LEN" \
|
-c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
|
||||||
-c "Maximum output fragment length is $MAX_CONTENT_LEN" \
|
-c "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
|
||||||
-s "Maximum input fragment length is $MAX_CONTENT_LEN" \
|
-s "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
|
||||||
-s "Maximum output fragment length is 4096" \
|
-s "Maximum outgoing record payload length is 4096" \
|
||||||
-C "client hello, adding max_fragment_length extension" \
|
-C "client hello, adding max_fragment_length extension" \
|
||||||
-S "found max fragment length extension" \
|
-S "found max fragment length extension" \
|
||||||
-S "server hello, max_fragment_length extension" \
|
-S "server hello, max_fragment_length extension" \
|
||||||
@ -3143,8 +3143,8 @@ run_test "Max fragment length: gnutls server" \
|
|||||||
"$G_SRV" \
|
"$G_SRV" \
|
||||||
"$P_CLI debug_level=3 max_frag_len=4096" \
|
"$P_CLI debug_level=3 max_frag_len=4096" \
|
||||||
0 \
|
0 \
|
||||||
-c "Maximum input fragment length is 4096" \
|
-c "Maximum incoming record payload length is 4096" \
|
||||||
-c "Maximum output fragment length is 4096" \
|
-c "Maximum outgoing record payload length is 4096" \
|
||||||
-c "client hello, adding max_fragment_length extension" \
|
-c "client hello, adding max_fragment_length extension" \
|
||||||
-c "found max_fragment_length extension"
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
@ -3153,10 +3153,10 @@ run_test "Max fragment length: client, message just fits" \
|
|||||||
"$P_SRV debug_level=3" \
|
"$P_SRV debug_level=3" \
|
||||||
"$P_CLI debug_level=3 max_frag_len=2048 request_size=2048" \
|
"$P_CLI debug_level=3 max_frag_len=2048 request_size=2048" \
|
||||||
0 \
|
0 \
|
||||||
-c "Maximum input fragment length is 2048" \
|
-c "Maximum incoming record payload length is 2048" \
|
||||||
-c "Maximum output fragment length is 2048" \
|
-c "Maximum outgoing record payload length is 2048" \
|
||||||
-s "Maximum input fragment length is 2048" \
|
-s "Maximum incoming record payload length is 2048" \
|
||||||
-s "Maximum output fragment length is 2048" \
|
-s "Maximum outgoing record payload length is 2048" \
|
||||||
-c "client hello, adding max_fragment_length extension" \
|
-c "client hello, adding max_fragment_length extension" \
|
||||||
-s "found max fragment length extension" \
|
-s "found max fragment length extension" \
|
||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
@ -3169,10 +3169,10 @@ run_test "Max fragment length: client, larger message" \
|
|||||||
"$P_SRV debug_level=3" \
|
"$P_SRV debug_level=3" \
|
||||||
"$P_CLI debug_level=3 max_frag_len=2048 request_size=2345" \
|
"$P_CLI debug_level=3 max_frag_len=2048 request_size=2345" \
|
||||||
0 \
|
0 \
|
||||||
-c "Maximum input fragment length is 2048" \
|
-c "Maximum incoming record payload length is 2048" \
|
||||||
-c "Maximum output fragment length is 2048" \
|
-c "Maximum outgoing record payload length is 2048" \
|
||||||
-s "Maximum input fragment length is 2048" \
|
-s "Maximum incoming record payload length is 2048" \
|
||||||
-s "Maximum output fragment length is 2048" \
|
-s "Maximum outgoing record payload length is 2048" \
|
||||||
-c "client hello, adding max_fragment_length extension" \
|
-c "client hello, adding max_fragment_length extension" \
|
||||||
-s "found max fragment length extension" \
|
-s "found max fragment length extension" \
|
||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
@ -3186,10 +3186,10 @@ run_test "Max fragment length: DTLS client, larger message" \
|
|||||||
"$P_SRV debug_level=3 dtls=1" \
|
"$P_SRV debug_level=3 dtls=1" \
|
||||||
"$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \
|
"$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \
|
||||||
1 \
|
1 \
|
||||||
-c "Maximum input fragment length is 2048" \
|
-c "Maximum incoming record payload length is 2048" \
|
||||||
-c "Maximum output fragment length is 2048" \
|
-c "Maximum outgoing record payload length is 2048" \
|
||||||
-s "Maximum input fragment length is 2048" \
|
-s "Maximum incoming record payload length is 2048" \
|
||||||
-s "Maximum output fragment length is 2048" \
|
-s "Maximum outgoing record payload length is 2048" \
|
||||||
-c "client hello, adding max_fragment_length extension" \
|
-c "client hello, adding max_fragment_length extension" \
|
||||||
-s "found max fragment length extension" \
|
-s "found max fragment length extension" \
|
||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
@ -3296,10 +3296,10 @@ run_test "Renegotiation with max fragment length: client 2048, server 512" \
|
|||||||
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1 max_frag_len=512" \
|
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1 max_frag_len=512" \
|
||||||
"$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 max_frag_len=2048 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
|
"$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 max_frag_len=2048 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
|
||||||
0 \
|
0 \
|
||||||
-c "Maximum input fragment length is 2048" \
|
-c "Maximum incoming record payload length is 2048" \
|
||||||
-c "Maximum output fragment length is 2048" \
|
-c "Maximum outgoing record payload length is 2048" \
|
||||||
-s "Maximum input fragment length is 2048" \
|
-s "Maximum incoming record payload length is 2048" \
|
||||||
-s "Maximum output fragment length is 512" \
|
-s "Maximum outgoing record payload length is 512" \
|
||||||
-c "client hello, adding max_fragment_length extension" \
|
-c "client hello, adding max_fragment_length extension" \
|
||||||
-s "found max fragment length extension" \
|
-s "found max fragment length extension" \
|
||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
|