Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

server support for MaxFragmentLength #585

Closed
bobmcwhirter opened this issue Mar 19, 2021 · 5 comments
Closed

server support for MaxFragmentLength #585

bobmcwhirter opened this issue Mar 19, 2021 · 5 comments

Comments

@bobmcwhirter
Copy link

I've an embedded system with constrained resources, attempting to negotiate MaxFragmentLength extension with the server during ClientHello.

Seems rustls ignores that extension when supplied by the client, but enums.rs does acknowledge that the extension exists, along with the presence of the Fragmenter type. But it seems Fragmenter is statically configured for the server, and not on a per-connection negotiation with the client.
@djc
Copy link
Member

djc commented Mar 19, 2021
edited
Loading

Do you need that particular extension, or just something that works in the constrained environment? I was reading up on max_fragment_length and it looks like there's a newer RFC that covers similar use cases.

@bobmcwhirter
Copy link
Author

bobmcwhirter commented Mar 19, 2021 via email

@bobmcwhirter
Copy link
Author

bobmcwhirter commented Mar 19, 2021
edited
Loading

fwiw, reading over that RFC, I see it's only in the "proposed" state. I'm still happy to go with it if we can work out those details (and I'll also continue to emit max_fragment_length for those servers that support only it).

edit: I finally was able to spot the codepoint for it:

 The "record_size_limit" extension has been assigned a code point of 28.

@ctz
Copy link
Member

ctz commented Mar 19, 2021

I don't think we should implement either of those extensions. There are two reasons for that opinion:

  1. ecosystem implementation is patchy and broken. For example, mbedtls (very common device-side iot tls library) misimplements MaxFragmentLength so it is not able to handshake with a server that supports it^1. That is, like, obviously terrible and makes the extension a no-go. The other proposal is only that, and has no tlswg or common implementation backing.

  2. you don't need it: in IoT you commonly control both ends for device-server communications, and can configure them to respect each other's limitations: this works -- at my day job we've shipped millions of iot devices using this approach.

@bobmcwhirter
Copy link
Author

@ctz Thanks, I was unaware of (1) and do mostly agree with (2).

Mostly this just caught me out when I moved from a Java-based TLS server to rustls, and noticed the lack of support for it, which caught me out initially.

No complaints from me if closed as WONTFIX.

@ctz ctz closed this as completed Mar 20, 2021
@ctz ctz mentioned this issue Jan 11, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bobmcwhirter @djc @ctz