This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

TLS1.2 record length gt 16K valid?

1

I'm facing an issue where a ftp transfer hangs sometimes when TLS records are exceeding the 2^14 limit defined in RFC5246 is exceeded.
The client=receiver (RHEL64) is reporting a windo_wsize of 0 and not reading the data anymore.
So I'm wondering if this "oversized" TLS record is truly oversized and therefore invalid.
It's not causing trouble all the time and the RFC is somehow confusing (to me )
The trace was taken at th sender with LS enabled. alt text

asked 26 Nov '16, 01:12

mrEEde's gravatar image

mrEEde
3.9k152270
accept rate: 20%

One Answer:

1

The FTP server (or its TLS library) is faulty. RFC 5246 (TLS 1.2), page 20 explicitly forbids larger sizes ("MUST"):

The length (in bytes) of the following TLSPlaintext.fragment. The length MUST NOT exceed 2^14.

The client rightfully fails the TLS session with an Alert message since larger values are illegal by the spec.

answered 26 Nov '16, 02:31

Lekensteyn's gravatar image

Lekensteyn
2.2k3724
accept rate: 30%

As this seems to be out in the wild, should we add an Expert Info for this?

(26 Nov '16, 04:50) grahamb ♦
1

Proposed patch that adds expert info for this: https://code.wireshark.org/review/18959

(26 Nov '16, 05:42) Lekensteyn