I’m working with mbedTLS on a constraint device and especially the 16kB RAM buffers are difficult to manage.
For the new mbedTLS 3 I want to ask for a feature request implementing RFC 8449, if this is not already in the queue.
In the current situation it is possible for a client to reduce the receive buffer size by maximum fragment length extension (RFC 6066).
For servers this does not apply as only the client can propagate the extension which is replied by
the server after handshake. The sever must not change the extension value received from the client.
This means the server must always be prepared to receive a full 16kB record.
Since August 2018 the RFC 8449 replaces RFC 6066. The new extension applies to clients and servers and each endpoint can set the record size limit.
Question 1: Is there a plan supporting RFC 8449 in near future. In my eyes it would help on many constrained devices providing e.g. HTTPS server or secure FTP server.
Question 2: Please verify if the following statement is correct:
RFC 8449 (RFC 6066 also?) define the record size limit of protected messages. In my understanding this means that the endpoint must be able to manage 16kB (receive) records during handshake. Certificates are exchanged in max. 16kB records. Lower negotiated record length is applied after the handshake.
Is this the correct understanding?
Unfortunately, I’m not familiar enough with TLS and mbedTLS to implement this function. But, I would highly appreciate if the RFC 8449 would find its way to mbedTLS.