[ipxe-devel] [ipxe/ipxe] Add an option to disable TLS fragmentation (#112)

Christopher notifications at github.com
Tue May 5 17:56:52 UTC 2020


iPXE currently does not support TLS connections with large certificate chains because it cannot handle TLS handshake record fragmentation. So I think there should be an option to disable the request for fragmentation. Hence I would add a `config/tls.h` to make changes to the behaviour of the TLS implementation. By default the request for fragmentation is enabled, so nothing changes here, but if desired it can be turned off by undefining `TLS_FRAGMENTATION_ENABLED`.
I also added the option `TLS_REQUESTED_MAX_FRAGMENT_LENGTH` for defining, if fragmentation is enabled, the requested maximum fragment length.

I appreciate your comments and feedback.

You can view, comment on, or merge this pull request online at:

  https://github.com/ipxe/ipxe/pull/112

-- Commit Summary --

  * Add a configuration header for tls and an option to disable tls fragmentation

-- File Changes --

    A src/config/tls.h (26)
    M src/net/tls.c (7)

-- Patch Links --

https://github.com/ipxe/ipxe/pull/112.patch
https://github.com/ipxe/ipxe/pull/112.diff

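For context on what the proposed switch controls, the sketch below (an added example, not code from the pull request or from iPXE) encodes the RFC 6066 `max_fragment_length` ClientHello extension behind a build-time macro. The macro names come from the description above; treating `TLS_REQUESTED_MAX_FRAGMENT_LENGTH` as a length in bytes and the function names `mfl_code`, `put_mfl_ext` and `client_hello_mfl` are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

/* Macro names are taken from the pull request description; their
 * meaning here (enable flag, length in bytes) is an assumption. */
#define TLS_FRAGMENTATION_ENABLED
#define TLS_REQUESTED_MAX_FRAGMENT_LENGTH 4096

#define TLS_EXT_MAX_FRAGMENT_LENGTH 1 /* RFC 6066 extension type */

/* Map a length in bytes to the RFC 6066 MaxFragmentLength code.
 * Only 2^9..2^12 are defined; returns 0 for anything else. */
static uint8_t mfl_code(unsigned int bytes) {
    switch (bytes) {
    case 512:  return 1;
    case 1024: return 2;
    case 2048: return 3;
    case 4096: return 4;
    default:   return 0;
    }
}

/* Append the max_fragment_length extension to a ClientHello extension
 * list. Returns bytes written: 5 on success, 0 when the extension is
 * omitted (undefined length or not enough room). */
static size_t put_mfl_ext(uint8_t *buf, size_t room, unsigned int bytes) {
    uint8_t code = mfl_code(bytes);
    if (code == 0 || room < 5)
        return 0;
    buf[0] = 0; buf[1] = TLS_EXT_MAX_FRAGMENT_LENGTH; /* extension_type */
    buf[2] = 0; buf[3] = 1;                            /* data length */
    buf[4] = code;                                     /* requested limit */
    return 5;
}

/* Build-time switch: with the macro undefined nothing is sent, and
 * the peer keeps the default 2^14-byte record plaintext limit. */
size_t client_hello_mfl(uint8_t *buf, size_t room) {
#ifdef TLS_FRAGMENTATION_ENABLED
    return put_mfl_ext(buf, room, TLS_REQUESTED_MAX_FRAGMENT_LENGTH);
#else
    (void)buf; (void)room;
    return 0;
#endif
}
```

Rejecting lengths outside the four defined values matters because RFC 6066 requires a server to abort the handshake with an `illegal_parameter` alert when it receives any other code.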