Move MTU setting to SSL context, not config
This setting belongs to the individual connection, not to a configuration shared by many connections. (If a default value is desired, that can be handled by the application code that calls mbedtls_ssl_set_mtu().) There are at least two ways in which this matters: - per-connection settings can be adjusted if MTU estimates become available during the lifetime of the connection - it is at least conceivable that a server might recognize restricted clients based on range of IPs and immediately set a lower MTU for them. This is much easier to do with a per-connection setting than by maintaining multiple near-duplicated ssl_config objects that differ only by the MTU setting.
This commit is contained in:
parent
38110dfc0e
commit
6e7aaca146
5 changed files with 63 additions and 52 deletions
programs/ssl
|
@ -2165,9 +2165,6 @@ int main( int argc, char *argv[] )
|
|||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
|
||||
mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min, opt.hs_to_max );
|
||||
|
||||
if( opt.dtls_mtu != DFL_DTLS_MTU )
|
||||
mbedtls_ssl_conf_mtu( &conf, opt.dtls_mtu );
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||
|
@ -2486,6 +2483,11 @@ int main( int argc, char *argv[] )
|
|||
mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv,
|
||||
opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( opt.dtls_mtu != DFL_DTLS_MTU )
|
||||
mbedtls_ssl_set_mtu( &ssl, opt.dtls_mtu );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_TIMING_C)
|
||||
mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
|
||||
mbedtls_timing_get_delay );
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue