Topic: [SOLVED] Max frag length
As also stated on https://www.wolfssl.com/using-maximum-f … h-wolfssl/
the maximum fragment length is 2^14 = 0x4000 = 16384 bytes.
When configured with --enable-maxfragment the wolfSSL client sends something with
the client HELLO message to the server, which responds with the actual frag length
to be used (am I correct?).
In the source I find the following:
int TLSX_UseMaxFragment(TLSX** extensions, byte mfl, void* heap)
{
    ...
    if (extensions == NULL || mfl < WOLFSSL_MFL_MIN || mfl > WOLFSSL_MFL_MAX)
        return BAD_FUNC_ARG;
    ...
where
/* Fragment lengths */
enum {
    WOLFSSL_MFL_2_9  = 1, /*  512 bytes */
    WOLFSSL_MFL_2_10 = 2, /* 1024 bytes */
    WOLFSSL_MFL_2_11 = 3, /* 2048 bytes */
    WOLFSSL_MFL_2_12 = 4, /* 4096 bytes */
    WOLFSSL_MFL_2_13 = 5, /* 8192 bytes *//* wolfSSL ONLY!!! */
    WOLFSSL_MFL_2_8  = 6, /*  256 bytes *//* wolfSSL ONLY!!! */
    WOLFSSL_MFL_MIN  = WOLFSSL_MFL_2_9,
    WOLFSSL_MFL_MAX  = WOLFSSL_MFL_2_8,
};
In other words, you are only allowed to pass for mfl: 1, 2, 3, 4, 5 or 6 with
the meanings: 512, 1024, 2048, 4096, 8192 and 256 bytes.
There is no 16384 bytes.
Also, the server reply is decoded by TLSX_MFL_Parse:
static int TLSX_MFL_Parse(WOLFSSL* ssl, byte* input, word16 length,
                          byte isRequest)
{
    ...
    switch (*input) {
        case WOLFSSL_MFL_2_8 : ssl->max_fragment =  256; break;
        case WOLFSSL_MFL_2_9 : ssl->max_fragment =  512; break;
        case WOLFSSL_MFL_2_10: ssl->max_fragment = 1024; break;
        case WOLFSSL_MFL_2_11: ssl->max_fragment = 2048; break;
        case WOLFSSL_MFL_2_12: ssl->max_fragment = 4096; break;
        case WOLFSSL_MFL_2_13: ssl->max_fragment = 8192; break;
        default:
            SendAlert(ssl, alert_fatal, illegal_parameter);
            return UNKNOWN_MAX_FRAGMENT_LEN_E;
    }
    ...
again restricting the possible fragment size to a maximum of 8192 bytes.
What happened to the (allowed) value of 16384?
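An added example, not part of the original post and not wolfSSL code: a stand-alone parser for the RFC 6066 max_fragment_length extension (type 1, one-byte code), showing that 2^14 is the limit in force when the extension is absent rather than a code that can be sent. The function names and sample byte arrays are hypothetical; codes 5 and 6 follow the wolfSSL-only enum values quoted in the post.

```c
#include <stddef.h>
#include <stdint.h>

#define EXT_MAX_FRAGMENT_LENGTH 0x0001 /* RFC 6066 extension type */
#define DEFAULT_MAX_FRAGMENT    16384  /* 2^14: in force when nothing is negotiated */

/* Constructed sample extension blocks: type(2) | length(2) | data */
const uint8_t ext_mfl_2048[] = {0x00, 0x01, 0x00, 0x01, 0x03};
const uint8_t ext_no_mfl[]   = {0x00, 0x17, 0x00, 0x00};
const uint8_t ext_mfl_8192[] = {0x00, 0x01, 0x00, 0x01, 0x05};
const uint8_t ext_mfl_bad[]  = {0x00, 0x01, 0x00, 0x01, 0x07};

/* Map a one-byte MFL code to bytes; 0 means "not a legal code".
 * Codes 1..4 are the RFC 6066 values. Codes 5 and 6 are the
 * wolfSSL-only values and are accepted only when allow_wolfssl_ext is set. */
static int mfl_code_to_bytes(uint8_t code, int allow_wolfssl_ext)
{
    if (code >= 1 && code <= 4)
        return 512 << (code - 1);
    if (allow_wolfssl_ext && code == 5) return 8192;
    if (allow_wolfssl_ext && code == 6) return 256;
    return 0;
}

/* Walk an extensions block and return the plaintext fragment limit in
 * bytes, or -1 where the peer should abort the handshake (malformed
 * block, duplicate extension, or illegal code). */
int effective_max_fragment(const uint8_t *ext, size_t len, int allow_wolfssl_ext)
{
    int limit = DEFAULT_MAX_FRAGMENT, seen = 0;
    size_t off = 0;

    while (off < len) {
        if (len - off < 4) return -1;            /* truncated header */
        uint16_t type = (uint16_t)(ext[off] << 8 | ext[off + 1]);
        size_t dlen = (size_t)(ext[off + 2] << 8 | ext[off + 3]);
        off += 4;
        if (dlen > len - off) return -1;         /* data runs past the block */
        if (type == EXT_MAX_FRAGMENT_LENGTH) {
            if (seen || dlen != 1) return -1;    /* duplicate or wrong size */
            limit = mfl_code_to_bytes(ext[off], allow_wolfssl_ext);
            if (limit == 0) return -1;           /* illegal_parameter */
            seen = 1;
        }
        off += dlen;
    }
    return limit;
}
```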