Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Documentation of mbedtls_ssl_conf_max_frag_len() inaccurate #2258

hanno-arm opened this issue Dec 4, 2018 · 1 comment


None yet
3 participants
Copy link

commented Dec 4, 2018

The documentation of mbedtls_ssl_conf_max_frag_len() states:

 * \brief          Set the maximum fragment length to emit and/or negotiate
 *                 (Default: the smaller of MBEDTLS_SSL_IN_CONTENT_LEN and
 *                 MBEDTLS_SSL_OUT_CONTENT_LEN, usually 2^14 bytes)
 *                 (Server: set maximum fragment length to emit,
 *                 usually negotiated by the client during handshake
 *                 (Client: set maximum fragment length to emit *and*
 *                 negotiate with the server during handshake)
 * \param mfl_code Code for maximum fragment length (allowed values:
 *                 MBEDTLS_SSL_MAX_FRAG_LEN_512,  MBEDTLS_SSL_MAX_FRAG_LEN_1024,
 *                 MBEDTLS_SSL_MAX_FRAG_LEN_2048, MBEDTLS_SSL_MAX_FRAG_LEN_4096)
 * \return         0 if successful or MBEDTLS_ERR_SSL_BAD_INPUT_DATA

This suggests that for, say, MBEDTLS_SSL_IN_CONTENT_LEN = MBEDTLS_SSL_OUT_CONTENT_LEN = 4096, a call

mbedtls_ssl_conf_max_frag_len( conf, MBEDTLS_SSL_MAX_FRAG_LEN_4096 );

would be redundant. In particular, one might think that enabling MBEDTLS_SSL_MAX_FRAGMENT_LENGTH and using a default value for the I/O buffers would lead to the MFL extension being used to communicate the size limitation. However, that's not true: The MFL extension will only be added to the ClientHello if mbedtls_ssl_conf_max_frag_len() has been called. That needs to be clarified in the documentation.


This comment has been minimized.

Copy link

commented Dec 4, 2018

ARM Internal Ref: IOTSSL-2656

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.