From 3838e58f62ca9fef905fcd005b613897963bb65a Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov
Date: Thu, 28 Dec 2017 05:45:49 +0100
Subject: [PATCH] WiFiClientSecure: don't use the broken max_fragment_length extension (#4033)

axTLS does not correctly implement max_fragment_length extension. This causes servers which understand this extension (currently GnuTLS- and WolfSSL-based) to reject the client hello. Until this is fixed in axTLS, remove the call to enable this extension from WiFiClientSecure.

Fixes https://github.com/esp8266/Arduino/issues/3932.
---
 libraries/ESP8266WiFi/src/WiFiClientSecure.cpp | 1 -
 1 file changed, 1 deletion(-)

diff --git a/libraries/ESP8266WiFi/src/WiFiClientSecure.cpp b/libraries/ESP8266WiFi/src/WiFiClientSecure.cpp
index d94e41f8f0..cbe4631d82 100644
--- a/libraries/ESP8266WiFi/src/WiFiClientSecure.cpp
+++ b/libraries/ESP8266WiFi/src/WiFiClientSecure.cpp
@@ -113,7 +113,6 @@ class SSLContext
 {
 SSL_EXTENSIONS* ext = ssl_ext_new();
 ssl_ext_set_host_name(ext, hostName);
- ssl_ext_set_max_fragment_size(ext, 4096);
 if (_ssl) {
 /* Creating a new TLS session on top of a new TCP connection.
 ssl_free will want to send a close notify alert, but the old TCP connection