handshake: support extracting record size limit value #112
Conversation
RFC 8449 [1] Section 4 defines the record_size_limit TLS extension, which allows peers to negotiate a maximum plaintext record size during the TLS handshake. The value must be between 64 bytes and 16,384 bytes (2^14). If a TLS endpoint receives a record larger than its advertised limit, it must send a fatal record_overflow alert. This patch adds support for extracting the record size limit value from the gnutls session and passing it to the kernel. This is to be used by the kernel at the tls layer limit outgoing records to the maximum record size limit as specified by the endpoint. [1] https://www.rfc-editor.org/rfc/rfc8449#section-4 Signed-off-by: Wilfred Mallawa <wilfred.mallawa@wdc.com>
twilfredo
force-pushed
the
wilfred/record-size-ext-upstream
branch
from
e980a14 to
e8e6dfc
Compare
Two questions:
|
I have not sent out the kernel patches yet, I was waiting to see if the GnuTLS patches can be approved beforehand. Since all of this depends on that.
Ah I see, I will add that. Thanks! |
RFC 8449 [1] Section 4 defines the record_size_limit TLS extension, which allows peers to negotiate a maximum plaintext record size during the TLS handshake. The value must be between 64 bytes and 16,384 bytes (2^14). If a TLS endpoint receives a record larger than its advertised limit, it must send a fatal record_overflow alert.
This patch adds support for extracting the record size limit value from the gnutls session and passing it to the kernel. This is to be used by the kernel at the tls layer limit outgoing records to the maximum record size limit as specified by the endpoint.
Based on GnuTLS [2] and Kernel Integration [3].
[1] https://www.rfc-editor.org/rfc/rfc8449#section-4
[2] https://gitlab.com/gnutls/gnutls/-/merge_requests/1989
[3] https://github.com/twilfredo/spdm-linux/commits/wilfred/record-size-tls-test/