Showing content from https://github.com/fortanix/rust-mbedtls/issues/293 below:

[mbedtls3] `mbedtls` would break the record size limit when sending a big record · Issue #293 · fortanix/rust-mbedtls

About the TLS record size limit, current upstream mbedtls has some problems that cause bugs:

  1. In TLS 1.3, common TLS implementations now send the record_size_limit extension to negotiate the max record size between client and server. But mbedtls currently (ver: 3.4.0) does not support it and just ignores that extension.
  2. When it needs to send a big record, mbedtls will send a TLS record with record length > 2^14, which breaks the RFC and, as a result, causes a record overflow error on the client.

It has been confirmed that problem 2 is the cause: clients (especially common browsers) will throw a "record_overflow" alert to the server when the server tries to send a record bigger than 2^14.

From Wireshark, I saw it sends a record with length field value 16416, which is 32 bigger than 2^14.

So the current temporary solution is to manually set MBEDTLS_SSL_OUT_CONTENT_LEN to a smaller number, see #294

This may also be related to our async_write function under mbedtls/src/ssl/context.rs.

But further investigation is needed to identify the real reason for this.
Ref:
https://www.rfc-editor.org/rfc/rfc8446#section-5.1
https://datatracker.ietf.org/doc/html/rfc8449
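The two RFCs cited above define the limits the issue is about: RFC 8446 caps the plaintext content of a record at 2^14 bytes (section 5.1), the TLSInnerPlaintext including the content-type byte and padding at 2^14 + 1 (section 5.4) and the TLSCiphertext at 2^14 + 256 (section 5.2), with a record_overflow alert on violation; RFC 8449 lets a peer advertise a smaller record_size_limit that the sender must honour and the receiver must enforce. The Rust below is an added example, not code from rust-mbedtls or upstream mbedtls: it parses the extension value, fragments outgoing data so no record exceeds the limit, and performs the receiver-side checks, including the header from the Wireshark observation above (length field 16416, constructed here as bytes). The 16-byte tag subtracted in `main` assumes an AES-GCM cipher suite; that is an assumption of the example, not something the issue states.

```rust
// Added example (not rust-mbedtls code): TLS 1.3 record-size bookkeeping per RFC 8446 / RFC 8449.

/// Maximum application content per record, TLSPlaintext.fragment (RFC 8446 section 5.1).
pub const MAX_PLAINTEXT: usize = 1 << 14;
/// Maximum TLSInnerPlaintext: content + content-type byte + padding (RFC 8446 section 5.4).
pub const MAX_INNER_PLAINTEXT: usize = MAX_PLAINTEXT + 1;
/// Maximum TLSCiphertext.length (RFC 8446 section 5.2).
pub const MAX_CIPHERTEXT: usize = MAX_PLAINTEXT + 256;
/// Smallest record_size_limit a peer may advertise (RFC 8449 section 4).
pub const MIN_RECORD_SIZE_LIMIT: u16 = 64;

#[derive(Debug, PartialEq, Eq)]
pub enum Alert {
    DecodeError,
    IllegalParameter,
    RecordOverflow,
}

/// Parse the extension_data of record_size_limit (one uint16, RFC 8449 section 4).
/// Values below 64 are illegal_parameter; values above the TLS 1.3 maximum are clamped,
/// because a sender must never exceed the protocol-defined maximum whatever the peer offers.
pub fn parse_record_size_limit(ext_data: &[u8]) -> Result<u16, Alert> {
    if ext_data.len() != 2 {
        return Err(Alert::DecodeError);
    }
    let value = u16::from_be_bytes([ext_data[0], ext_data[1]]);
    if value < MIN_RECORD_SIZE_LIMIT {
        return Err(Alert::IllegalParameter);
    }
    Ok(value.min(MAX_INNER_PLAINTEXT as u16))
}

/// Application-data bytes that fit in one record. The TLS 1.3 limit counts the inner
/// content-type byte, so one byte is reserved for it. `None` = extension not negotiated.
pub fn max_content_per_record(limit: Option<u16>) -> usize {
    match limit {
        Some(l) => (l as usize).saturating_sub(1).min(MAX_PLAINTEXT),
        None => MAX_PLAINTEXT,
    }
}

/// Fragment an outgoing buffer into per-record content lengths: the sender-side step that
/// keeps every record within 2^14 bytes, or within the peer's advertised limit.
pub fn fragment_lengths(total: usize, limit: Option<u16>) -> Vec<usize> {
    let chunk = max_content_per_record(limit);
    let mut out = Vec::new();
    let mut remaining = total;
    while remaining > 0 {
        let n = remaining.min(chunk);
        out.push(n);
        remaining -= n;
    }
    out
}

/// Receiver check on the 5-byte record header (type, legacy version, length) before
/// decryption: a TLSCiphertext longer than 2^14 + 256 is a fatal record_overflow.
pub fn check_record_header(header: &[u8]) -> Result<usize, Alert> {
    if header.len() < 5 {
        return Err(Alert::DecodeError);
    }
    let len = u16::from_be_bytes([header[3], header[4]]) as usize;
    if len > MAX_CIPHERTEXT {
        return Err(Alert::RecordOverflow);
    }
    Ok(len)
}

/// Receiver check after decryption: the full TLSInnerPlaintext must not exceed 2^14 + 1,
/// or the smaller record_size_limit this endpoint advertised (RFC 8449 section 4).
pub fn check_inner_plaintext(inner_len: usize, advertised_limit: Option<u16>) -> Result<(), Alert> {
    let ceiling = advertised_limit.map_or(MAX_INNER_PLAINTEXT, |l| l as usize);
    if inner_len > ceiling {
        Err(Alert::RecordOverflow)
    } else {
        Ok(())
    }
}

fn main() {
    // Constructed header: application_data (0x17), legacy version 0x0303, length 0x4020 = 16416,
    // the length field value reported from Wireshark in the issue above.
    let header = [0x17, 0x03, 0x03, 0x40, 0x20];
    let len = check_record_header(&header).expect("within the ciphertext ceiling of 2^14 + 256");
    // Assumed AES-GCM (16-byte tag): the inner plaintext would be 16400 bytes, above 2^14 + 1,
    // so a conforming client answers with record_overflow once it has decrypted the record.
    let inner = len - 16;
    println!("ciphertext {len} accepted, inner plaintext {inner}: {:?}", check_inner_plaintext(inner, None));
    // Sender side: 40 000 bytes against a peer limit of 4096 become ten records of at most 4095.
    println!("{:?}", fragment_lengths(40_000, Some(4096)));
}
```

The point the example makes concrete: a 16416-byte record passes the pre-decryption ceiling, so the overflow is only detected after decryption, and the sender-side fix is fragmentation (or a smaller output buffer, as with MBEDTLS_SSL_OUT_CONTENT_LEN) rather than anything the receiver can relax.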

