Skip to content
  • Matt Caswell's avatar
    Don't allow fragmented alerts · bd990e25
    Matt Caswell authored
    
    
    An alert message is 2 bytes long. In theory it is permissible in SSLv3 -
    TLSv1.2 to fragment such alerts across multiple records (some of which
    could be empty). In practice it make no sense to send an empty alert
    record, or to fragment one. TLSv1.3 prohibts this altogether and other
    libraries (BoringSSL, NSS) do not support this at all. Supporting it adds
    significant complexity to the record layer, and its removal is unlikely
    to cause inter-operability issues.
    
    The DTLS code for this never worked anyway and it is not supported at a
    protocol level for DTLS. Similarly fragmented DTLS handshake records only
    work at a protocol level where at least the handshake message header
    exists within the record. DTLS code existed for trying to handle fragmented
    handshake records smaller than this size. This code didn't work either so
    has also been removed.
    
    Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3476)
    bd990e25
To find the state of this project's repository at the time of any of these versions, check out the tags.