\section{TLS Extensions}
\index{TLS Extensions}
A number of extensions to the \tls{} protocol have been proposed
mainly in \cite{TLSEXT}. The extensions supported in \gnutls{} are
\begin{itemize}
\item Maximum fragment length negotiation
\item Server name indication
\end{itemize}
discussed in the subsections that follow.
\subsection*{Maximum fragment length negotiation}
\index{TLS Extensions!Maximum fragment length}
This extension allows a \tlsI{} implementation to negotiate
a smaller maximum length for record packets. It
may be useful to clients with constrained capabilities. See
the
\printfunc{gnutls_record_set_max_size}{gnutls\_record\_set\_max\_size}
and the
\printfunc{gnutls_record_get_max_size}{gnutls\_record\_get\_max\_size}
functions.
\subsection*{Server name indication}
\index{TLS Extensions!Server name indication}
A common problem in HTTPS servers is the fact that the \tls{}
protocol is not aware of the hostname that a client connects to when
the handshake procedure begins. For that reason the \tls{} server
has no way to know which certificate to send. This extension is a hack
to the \tls{} protocol that allows the client to send the HTTP hostname
as the handshake begins, within the first handshake packet.
See the functions
\printfunc{gnutls_server_name_set}{gnutls\_server\_name\_set} and
\printfunc{gnutls_server_name_get}{gnutls\_server\_name\_get}.
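As an added illustration of both extensions above (example code, not part of the \gnutls{} manual or library), the following C encodes and parses the server\_name extension body in the form it travels in the first handshake packet (RFC 3546 section 3.1), checking every length field so that a malformed extension is rejected rather than read past its buffer, and maps the max\_fragment\_length code points to the record sizes they select (RFC 3546 section 3.2). The function names are assumptions; the hostname used in the test is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Encode one host_name entry as a server_name extension body (hypothetical
   helper): ServerNameList length, NameType 0, HostName length, HostName.
   Returns the number of bytes written, or -1 if host does not fit. */
int sni_encode(const char *host, uint8_t *buf, size_t cap)
{
    size_t n = strlen(host), list_len = n + 3;
    if (n == 0 || n > 255 || cap < n + 5) return -1;
    buf[0] = (uint8_t)(list_len >> 8); buf[1] = (uint8_t)list_len;
    buf[2] = 0;                                  /* NameType host_name */
    buf[3] = (uint8_t)(n >> 8);        buf[4] = (uint8_t)n;
    memcpy(buf + 5, host, n);
    return (int)(n + 5);
}

/* Parse a server_name extension body and copy the first host_name into out
   (NUL-terminated). Every length field is checked against the bytes actually
   present, so a truncated or oversized entry is rejected rather than read
   past the buffer; a name with an embedded NUL is rejected as well. */
int sni_parse(const uint8_t *buf, size_t len, char *out, size_t outcap)
{
    if (len < 2) return -1;
    size_t list_len = ((size_t)buf[0] << 8) | buf[1];
    if (list_len + 2 != len) return -1;
    for (size_t pos = 2; pos + 3 <= len; ) {
        uint8_t type = buf[pos];
        size_t nlen = ((size_t)buf[pos + 1] << 8) | buf[pos + 2];
        pos += 3;
        if (nlen > len - pos) return -1;
        if (type == 0) {                         /* host_name */
            if (nlen == 0 || nlen >= outcap || memchr(buf + pos, 0, nlen))
                return -1;
            memcpy(out, buf + pos, nlen);
            out[nlen] = '\0';
            return (int)nlen;
        }
        pos += nlen;                             /* skip other name types */
    }
    return -1;                                   /* no host_name entry */
}

/* max_fragment_length code point -> negotiated record size: 1..4 select
   2^9..2^12 bytes; any other value is invalid and must be rejected. */
size_t max_fragment_bytes(uint8_t code)
{
    return (code >= 1 && code <= 4) ? (size_t)1 << (8 + code) : 0;
}
```

Because the hostname is carried in the ClientHello before any key is established, it is visible to anyone observing the connection; a server selecting a certificate from it must treat it as untrusted input, which is why the parser above validates each length before copying.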