| field | value | date |
|---|---|---|
| author | FdaSilvaYY <fdasilvayy@gmail.com> | 2017-11-05 17:46:48 +0100 |
| committer | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2017-11-05 17:46:48 +0100 |
| commit | cf72c7579201086cee303eadcb60bd28eff78dd9 (patch) | |
| tree | 35c096098b2527a814c95cc674bb54747e3054a0 /doc | |
| parent | b82acc3c1a7f304c9df31841753a0fa76b5b3cda (diff) | |
Implement Maximum Fragment Length TLS extension.
Based on patch from Tomasz Moń:
https://groups.google.com/forum/#!topic/mailing.openssl.dev/fQxXvCg1uQY
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/1008)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man3/SSL_CTX_set_split_send_fragment.pod | 68 |
1 files changed, 62 insertions, 6 deletions
diff --git a/doc/man3/SSL_CTX_set_split_send_fragment.pod b/doc/man3/SSL_CTX_set_split_send_fragment.pod index f65540fc28..ef5e7cda35 100644 --- a/doc/man3/SSL_CTX_set_split_send_fragment.pod +++ b/doc/man3/SSL_CTX_set_split_send_fragment.pod @@ -5,8 +5,10 @@ SSL_CTX_set_max_send_fragment, SSL_set_max_send_fragment, SSL_CTX_set_split_send_fragment, SSL_set_split_send_fragment, SSL_CTX_set_max_pipelines, SSL_set_max_pipelines, -SSL_CTX_set_default_read_buffer_len, SSL_set_default_read_buffer_len - Control -fragment sizes and pipelining operations +SSL_CTX_set_default_read_buffer_len, SSL_set_default_read_buffer_len, +SSL_CTX_set_tlsext_max_fragment_length, +SSL_set_tlsext_max_fragment_length, +SSL_SESSION_get_max_fragment_length - Control fragment size settings and pipelining operations =head1 SYNOPSIS @@ -24,6 +26,10 @@ fragment sizes and pipelining operations void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len); void SSL_set_default_read_buffer_len(SSL *s, size_t len); + int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode); + int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode); + uint8_t SSL_SESSION_get_max_fragment_length(SSL_SESSION *session); + =head1 DESCRIPTION Some engines are able to process multiple simultaneous crypto operations. This 
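Review bot: in the SYNOPSIS hunk, `uint8_t SSL_SESSION_get_max_fragment_length(SSL_SESSION *session);` takes a non-const pointer although the DESCRIPTION below documents it as a pure getter ("gets the maximum fragment length negotiated in B<session>"); suggest `uint8_t SSL_SESSION_get_max_fragment_length(const SSL_SESSION *session);` so that code holding only a const session can query the negotiated mode without a cast, and so the prototype itself signals that the call does not modify the session.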
@@ -99,15 +105,62 @@ greater than the default that would have been used anyway. The normal default value depends on a number of factors but it will be at least SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_ENCRYPTED_OVERHEAD (16704) bytes. +SSL_CTX_set_tlsext_max_fragment_length() sets the default maximum fragment +length negotiation mode via value B<mode> to B<ctx>. +This setting affects only SSL instances created after this function is called. +It affects the client-side as only its side may initiate this extension use. + +SSL_set_tlsext_max_fragment_length() sets the maximum fragment length +negotiation mode via value B<mode> to B<ssl>. +This setting will be used during a handshake when extensions are exchanged +between client and server. +So it only affects SSL sessions created after this function is called. +It affects the client-side as only its side may initiate this extension use. + +SSL_SESSION_get_max_fragment_length() gets the maximum fragment length +negotiated in B<session>. + =head1 RETURN VALUES All non-void functions return 1 on success and 0 on failure. =head1 NOTES -With the exception of SSL_CTX_set_default_read_buffer_len() and -SSL_set_default_read_buffer_len() all these functions are implemented using -macros. +The Maximum Fragment Length extension support is optional on the server side. +If the server does not support this extension then +SSL_SESSION_get_max_fragment_length() will return: +TLSEXT_max_fragment_length_DISABLED. + +The following modes are available: + +=over 4 + +=item TLSEXT_max_fragment_length_DISABLED + +Disables Maximum Fragment Length Negotiation (default). + +=item TLSEXT_max_fragment_length_512 + +Sets Maximum Fragment Length to 512 bytes. + +=item TLSEXT_max_fragment_length_1024 + +Sets Maximum Fragment Length to 1024. + +=item TLSEXT_max_fragment_length_2048 + +Sets Maximum Fragment Length to 2048. + +=item TLSEXT_max_fragment_length_4096 + +Sets Maximum Fragment Length to 4096. 
+ +=back + +With the exception of SSL_CTX_set_default_read_buffer_len() +SSL_set_default_read_buffer_len(), SSL_CTX_set_tlsext_max_fragment_length(), +SSL_set_tlsext_max_fragment_length() and SSL_SESSION_get_max_fragment_length() +all these functions are implemented using macros. =head1 HISTORY @@ -116,13 +169,16 @@ SSL_CTX_set_split_send_fragment(), SSL_set_split_send_fragment(), SSL_CTX_set_default_read_buffer_len() and SSL_set_default_read_buffer_len() functions were added in OpenSSL 1.1.0. +SSL_CTX_set_tlsext_max_fragment_length(), SSL_set_tlsext_max_fragment_length() +and SSL_SESSION_get_max_fragment_length() were added in OpenSSL 1.1.1. + =head1 SEE ALSO L<SSL_CTX_set_read_ahead(3)>, L<SSL_pending(3)> =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy |
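Review bot: the RETURN VALUES section in this hunk still says "All non-void functions return 1 on success and 0 on failure", but the newly documented SSL_SESSION_get_max_fragment_length() is non-void and, per the NOTES added in the same hunk, returns a mode value (TLSEXT_max_fragment_length_DISABLED when the server did not negotiate the extension), so that sentence is now wrong for it; suggest adding a line such as "SSL_SESSION_get_max_fragment_length() returns the negotiated mode, or TLSEXT_max_fragment_length_DISABLED if the extension was not negotiated." Since the NOTES state that server support is optional, callers should be told explicitly that the mode passed to the setters is only a request and that the value to rely on is the one returned by SSL_SESSION_get_max_fragment_length() after the handshake. The DESCRIPTION also does not say what the two setters do when B<mode> is not one of the five listed constants; document that case (e.g. that they fail and return 0) so callers can check it. Smaller points in the same hunk: the sentence "It affects the client-side as only its side may initiate this extension use." appears twice and reads awkwardly, a clearer form is "Only the client can request this extension, so the setting has no effect on a server B<ssl> object."; the mode list says "512 bytes" but "1024", "2048" and "4096" without the unit; and the NOTES line "SSL_CTX_set_default_read_buffer_len() SSL_set_default_read_buffer_len()," is missing a comma after the first function name.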