Closed
Bug 1451267
Opened 7 years ago
Closed 7 years ago
TLS 1.3 padding should count towards maximum fragment length
Categories
(NSS :: Libraries, enhancement, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
3.38
People
(Reporter: ttaubert, Unassigned)
Attachments
(1 obsolete file)
We currently check the maximum fragment length only after we removed the padding. Per spec [1]:
"The presence of padding does not change the overall record size limitations - the full encoded TLSInnerPlaintext MUST NOT exceed 2^14 + 1 octets."
This will fix BoGo tests LargePlaintext-TLS13-Padded-8193-8192 and LargePlaintext-TLS13-Padded-16384-1.
[1] https://tlswg.github.io/tls13-spec/draft-ietf-tls-tls13.html#rfc.section.5.4
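The difference between the two check orders described in the report, as an added example that is not part of the original bug and is not NSS code. The names `unpad_inner`, `build_inner` and `accepted` are hypothetical, and the sample records are constructed on the assumption that the two numbers in each BoGo test name are the plaintext length and the padding length.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_FRAGMENT_LENGTH 16384u /* 2^14 */
enum { UNPAD_OK = 0, ERR_RECORD_OVERFLOW = -1, ERR_NO_CONTENT_TYPE = -2 };

/* Strip TLS 1.3 padding from a decrypted TLSInnerPlaintext
 * (content || ContentType || zero padding). With check_padded_size == 0 the
 * length limit is applied to the content only, after unpadding (the
 * behaviour the report describes); with 1 it is applied to the whole
 * encoded structure first, as the quoted spec text requires. */
static int unpad_inner(const uint8_t *inner, size_t len, int check_padded_size,
                       uint8_t *type, size_t *content_len)
{
    if (check_padded_size && len > MAX_FRAGMENT_LENGTH + 1)
        return ERR_RECORD_OVERFLOW;  /* padding counts towards the limit */
    while (len > 0 && inner[len - 1] == 0)
        len--;                       /* drop trailing zero padding */
    if (len == 0)
        return ERR_NO_CONTENT_TYPE;  /* all zeros: no content type byte */
    if (len - 1 > MAX_FRAGMENT_LENGTH)
        return ERR_RECORD_OVERFLOW;  /* content alone is too large */
    *type = inner[len - 1];
    *content_len = len - 1;
    return UNPAD_OK;
}

/* Constructed sample input: content_len bytes of 'A', a content type byte,
 * then pad_len zero bytes. Returns the encoded length. */
static size_t build_inner(uint8_t *buf, size_t content_len, uint8_t type,
                          size_t pad_len)
{
    memset(buf, 'A', content_len);
    buf[content_len] = type;
    memset(buf + content_len + 1, 0, pad_len);
    return content_len + 1 + pad_len;
}

/* Returns 1 if a record of this shape is accepted, 0 if it is rejected. */
static int accepted(size_t content_len, size_t pad_len, int check_padded_size)
{
    static uint8_t buf[2 * MAX_FRAGMENT_LENGTH + 2];
    uint8_t type;
    size_t out_len;
    size_t n = build_inner(buf, content_len, 23 /* application_data */, pad_len);
    return unpad_inner(buf, n, check_padded_size, &type, &out_len) == UNPAD_OK;
}
```

Both constructed records encode to 16386 octets, one more than 2^14 + 1, so only the check made before unpadding rejects them.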
Comment 1•7 years ago
Comment 2•7 years ago
This is going to conflict with the patch for Bug 1396487 pretty badly. That is only awaiting a codepoint and the draft is going through IESG review this week, so that shouldn't be far away.
Comment 3•7 years ago (Reporter)
Yeah, let's wait until this has landed. I'll pick it up again then.
Depends on: 1396487
Updated•7 years ago (Reporter)
Priority: -- → P2
Updated•7 years ago (Reporter)
Assignee: ttaubert → nobody
Status: ASSIGNED → NEW
Updated•7 years ago
Attachment #8964883 - Attachment is obsolete: true
Comment 4•7 years ago
Fixed with the addition of the record size limit extension in Bug 1396487.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.38