This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I'm facing an issue where an FTP transfer sometimes hangs when TLS records exceed the 2^14 limit defined in RFC 5246.
The client=receiver (RHEL64) is reporting a window_size of 0 and not reading the data anymore.
So I'm wondering if this "oversized" TLS record is truly oversized and therefore invalid.
It's not causing trouble all the time and the RFC is somehow confusing (to me).
The trace was taken at the sender with LS enabled.

asked 26 Nov '16, 01:12

mrEEde


The FTP server (or its TLS library) is faulty. RFC 5246 (TLS 1.2), page 20 explicitly forbids larger sizes ("MUST"):

The length (in bytes) of the following TLSPlaintext.fragment. The length MUST NOT exceed 2^14.

The client rightfully fails the TLS session with an Alert message since larger values are illegal by the spec.

answered 26 Nov '16, 02:31

Lekensteyn

As this seems to be out in the wild, should we add an Expert Info for this?

(26 Nov '16, 04:50) grahamb ♦
Proposed patch that adds expert info for this: https://code.wireshark.org/review/18959

(26 Nov '16, 05:42) Lekensteyn
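
The length check discussed in this thread, as an added example that is not part of the original posts and is not Wireshark's dissector code: it walks the 5-byte record headers of one direction of a reassembled TLS 1.2 stream and flags lengths above the RFC 5246 limits. The 2^14 bound quoted above is the TLSPlaintext limit (section 6.2.1); section 6.2.3 of the same RFC allows 2^14 + 2048 for TLSCiphertext, so the check switches limits once a ChangeCipherSpec record is seen. The names `check_records`, `record` and `SAMPLE` are assumptions, and the sample bytes are constructed.

```python
import struct

# Record-length limits from RFC 5246 (TLS 1.2), section 6.2.
MAX_PLAINTEXT = 2**14           # TLSPlaintext.length, 6.2.1
MAX_CIPHERTEXT = 2**14 + 2048   # TLSCiphertext.length, 6.2.3
CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA = 20, 21, 22, 23
KNOWN_TYPES = {CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA}

def check_records(stream, encrypted=False):
    """One direction of a reassembled stream -> (offset, type, length, verdict).
    `encrypted` is the state at the start of the buffer; ChangeCipherSpec sets it."""
    results, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            results.append((offset, None, None, "truncated header"))
            break
        ctype, major, _minor, length = struct.unpack_from("!BBBH", stream, offset)
        if ctype not in KNOWN_TYPES or major != 3:
            results.append((offset, ctype, length, "not a TLS record"))
            break
        limit = MAX_CIPHERTEXT if encrypted else MAX_PLAINTEXT
        verdict = "oversized" if length > limit else "ok"
        results.append((offset, ctype, length, verdict))
        if ctype == CHANGE_CIPHER_SPEC:
            encrypted = True  # later records in this direction are ciphertext
        offset += 5 + length  # a short final body simply ends the loop
    return results

def record(ctype, length):
    """Build a constructed TLS 1.2 record header with a zero-filled body."""
    return struct.pack("!BBBH", ctype, 3, 3, length) + bytes(length)

# Constructed sample, not taken from the capture in the question.
SAMPLE = b"".join([
    record(HANDSHAKE, 2**14 + 1),            # plaintext, one byte over 2^14
    record(CHANGE_CIPHER_SPEC, 1),
    record(APPLICATION_DATA, 2**14 + 2048),  # largest legal ciphertext record
    record(APPLICATION_DATA, 2**14 + 2049),  # over the ciphertext limit
])

if __name__ == "__main__":
    for row in check_records(SAMPLE):
        print(row)
```

When a capture starts after the handshake, pass `encrypted=True` so application data records are compared against the ciphertext limit.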
question asked: 26 Nov '16, 01:12

question was seen: 1,311 times

last updated: 26 Nov '16, 05:42
