path: root/doc/tex/tls_extensions.tex
\section{TLS Extensions}
\index{TLS Extensions}

A number of extensions to the \tls{} protocol have been proposed,
mainly in \cite{TLSEXT}. The extensions supported in \gnutls{} are
\begin{itemize}
\item Maximum fragment length negotiation
\item Server name indication
\end{itemize}
These are discussed in the subsections that follow.

\subsection*{Maximum fragment length negotiation}
\index{TLS Extensions!Maximum fragment length}

This extension allows a \tlsI{} implementation to negotiate
a smaller maximum length for record packets. It
may be useful to clients with constrained capabilities. See
the
\printfunc{gnutls_record_set_max_size}{gnutls\_record\_set\_max\_size}
and
\printfunc{gnutls_record_get_max_size}{gnutls\_record\_get\_max\_size}
functions.

\subsection*{Server name indication}
\index{TLS Extensions!Server name indication}

A common problem in HTTPS servers is that the \tls{}
protocol is not aware of the hostname that a client connects to when
the handshake procedure begins. For that reason the \tls{} server
has no way to know which certificate to send. This extension is a hack
to the \tls{} protocol that allows the client to send the HTTP hostname
at the very start of the handshake, within the first handshake packet.

See the functions
\printfunc{gnutls_server_name_set}{gnutls\_server\_name\_set} and
\printfunc{gnutls_server_name_get}{gnutls\_server\_name\_get}.
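Both extensions described above travel in the extensions vector of the
first handshake packet, so a server must pull the requested hostname and
the requested fragment size out of that vector before it can pick a
certificate or size its records. The following is an added example, not
code from \gnutls{}: a self-contained C parser for the extensions vector
as defined in the TLS extensions specification the text cites (RFC 3546
and its successors), handling only the two extensions discussed here,
\texttt{server\_name} (type 0) and \texttt{max\_fragment\_length} (type 1).
The sample bytes, the names \texttt{parse\_tls\_extensions},
\texttt{tls\_ext\_info} and \texttt{SAMPLE\_EXTENSIONS} are constructed
for this example. Every length field is checked against the enclosing
length before it is used, which is the part a server implementer most
needs to get right, since these bytes arrive from an unauthenticated peer.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define EXT_SERVER_NAME          0   /* RFC 3546 server_name */
#define EXT_MAX_FRAGMENT_LENGTH  1   /* RFC 3546 max_fragment_length */

/* Result of parsing one extensions vector (constructed type for this example). */
struct tls_ext_info {
    char   host_name[256];  /* SNI host_name, NUL-terminated; empty if absent */
    size_t max_fragment;    /* requested max fragment length in bytes; 0 if absent */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Parse ServerNameList: 2-byte list length, then {name_type(1), len(2), name}. */
static int parse_server_name(const uint8_t *d, size_t n, struct tls_ext_info *out)
{
    if (n < 2 || rd16(d) != n - 2) return -1;      /* list length must match exactly */
    size_t pos = 2;
    while (pos < n) {
        if (n - pos < 3) return -1;
        uint8_t  name_type = d[pos];
        uint16_t name_len  = rd16(d + pos + 1);
        pos += 3;
        if (name_len > n - pos) return -1;          /* name would overrun the list */
        if (name_type == 0) {                       /* 0 = host_name */
            if (name_len == 0 || name_len >= sizeof out->host_name) return -1;
            if (out->host_name[0] != '\0') return -1; /* spec: at most one name per name_type */
            for (size_t i = 0; i < name_len; i++)   /* host names are printable ASCII */
                if (d[pos + i] < 0x21 || d[pos + i] > 0x7e) return -1;
            memcpy(out->host_name, d + pos, name_len);
            out->host_name[name_len] = '\0';
        }
        pos += name_len;                            /* unknown name types are skipped */
    }
    return 0;
}

/* Parse the extensions vector of a ClientHello, starting at its 2-byte
 * extensions_length field. Returns 0 on success, -1 on malformed input. */
int parse_tls_extensions(const uint8_t *buf, size_t len, struct tls_ext_info *out)
{
    memset(out, 0, sizeof *out);
    if (len < 2 || rd16(buf) != len - 2) return -1; /* vector must fill the buffer */
    size_t pos = 2;
    while (pos < len) {
        if (len - pos < 4) return -1;               /* need type(2) + length(2) */
        uint16_t type = rd16(buf + pos);
        uint16_t elen = rd16(buf + pos + 2);
        pos += 4;
        if (elen > len - pos) return -1;            /* extension would overrun the vector */
        const uint8_t *data = buf + pos;
        if (type == EXT_SERVER_NAME) {
            if (parse_server_name(data, elen, out) < 0) return -1;
        } else if (type == EXT_MAX_FRAGMENT_LENGTH) {
            /* single byte: 1 = 2^9, 2 = 2^10, 3 = 2^11, 4 = 2^12; anything else is illegal */
            if (elen != 1 || data[0] < 1 || data[0] > 4) return -1;
            out->max_fragment = (size_t)1 << (8 + data[0]);
        }
        pos += elen;                                /* other extension types are skipped */
    }
    return 0;
}

/* Constructed sample: SNI for www.example.com plus max_fragment_length = 2^11. */
static const uint8_t SAMPLE_EXTENSIONS[] = {
    0x00, 0x1d,                         /* extensions_length = 29 */
    0x00, 0x00, 0x00, 0x14,             /* server_name, length 20 */
    0x00, 0x12,                         /* ServerNameList length = 18 */
    0x00, 0x00, 0x0f,                   /* host_name, length 15 */
    'w','w','w','.','e','x','a','m','p','l','e','.','c','o','m',
    0x00, 0x01, 0x00, 0x01, 0x03        /* max_fragment_length, length 1, value 3 */
};
static const size_t SAMPLE_EXTENSIONS_LEN = sizeof SAMPLE_EXTENSIONS;

int main(void)
{
    struct tls_ext_info info;
    if (parse_tls_extensions(SAMPLE_EXTENSIONS, SAMPLE_EXTENSIONS_LEN, &info) < 0) {
        puts("malformed extensions vector");
        return 1;
    }
    printf("server_name: %s\nmax_fragment_length: %zu bytes\n",
           info.host_name, info.max_fragment);
    return 0;
}
```

A server would use \texttt{host\_name} to select the certificate and
\texttt{max\_fragment} to cap its record size; a parse failure should
abort the handshake rather than fall back to defaults, since a malformed
vector from a peer is not something to guess at.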