WiFiClientSecure: don't use the broken max_fragment_length extension (esp8266#4033)

axTLS does not correctly implement max_fragment_length extension. This
causes servers which understand this extension (currently GnuTLS- and
WolfSSL-based) to reject the client hello.

Until this is fixed in axTLS, remove the call to enable this extension
from WiFiClientSecure.

Fixes esp8266#3932.
igrr authored and devyte committed Dec 28, 2017
1 parent a7984b6 commit 3838e58
Showing 1 changed file with 0 additions and 1 deletion.
1 change: 0 additions & 1 deletion libraries/ESP8266WiFi/src/WiFiClientSecure.cpp
Expand Up @@ -113,7 +113,6 @@ class SSLContext
{
SSL_EXTENSIONS* ext = ssl_ext_new();
ssl_ext_set_host_name(ext, hostName);
ssl_ext_set_max_fragment_size(ext, 4096);
if (_ssl) {
/* Creating a new TLS session on top of a new TCP connection.
ssl_free will want to send a close notify alert, but the old TCP connection
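
Review bot: The spot after ssl_ext_set_host_name(ext, hostName) is left with no comment saying why max_fragment_length is not negotiated, so the removed ssl_ext_set_max_fragment_size(ext, 4096) call could easily be re-added by someone trying to reduce memory use. A short comment there pointing at esp8266#3932 and the axTLS defect would keep the workaround from being undone before axTLS is fixed. Separately, without the 4096-byte request the server is free to send records up to the TLS default maximum of 2^14 bytes; nothing in this hunk shows how the receive path copes with records larger than 4096 bytes, so the commit message or that comment should state the expected behaviour.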