Comply with the received Record Size Limit extension
Fixes #7010
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 043988f..39baa42 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1188,6 +1188,11 @@
unsigned char MBEDTLS_PRIVATE(mfl_code); /*!< MaxFragmentLength negotiated by peer */
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+/*!< Record Size Limit for outgoing data requested by peer */
+#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
+ uint16_t MBEDTLS_PRIVATE(record_size_limit);
+#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */
+
unsigned char MBEDTLS_PRIVATE(exported);
/** TLS version negotiated in the session. Used if and when renegotiating
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index eae192b..6b799ee 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -439,6 +439,24 @@
size_t mbedtls_ssl_get_input_max_frag_len(const mbedtls_ssl_context *ssl);
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
+/**
+ * \brief Return the record size limit (in bytes) for
+ * the output buffer. This is less than the value requested by the
+ * peer (using RFC 8449), since it subtracts the space required for the
+ * content type and padding of the TLSInnerPlaintext struct (RFC 8446).
+ * Returns MBEDTLS_SSL_OUT_CONTENT_LEN if no limit was requested by the peer.
+ *
+ * \sa mbedtls_ssl_get_max_out_record_payload()
+ * ssl_compute_internal_record_size_limit()
+ *
+ * \param ssl SSL context
+ *
+ * \return Current record size limit for the output buffer.
+ */
+size_t mbedtls_ssl_get_output_record_size_limit(const mbedtls_ssl_context *ssl);
+#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */
+
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
static inline size_t mbedtls_ssl_get_output_buflen(const mbedtls_ssl_context *ctx)
{
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 4daf2e7..7a8c759 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2455,6 +2455,7 @@
* uint8 ticket_flags;
* opaque resumption_key<0..255>;
* uint32 max_early_data_size;
+ * uint16 record_size_limit;
* select ( endpoint ) {
* case client: ClientOnlyData;
* case server: uint64 ticket_creation_time;
@@ -2490,6 +2491,9 @@
#if defined(MBEDTLS_SSL_EARLY_DATA)
needed += 4; /* max_early_data_size */
#endif
+#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
+ needed += 2; /* record_size_limit */
+#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */
#if defined(MBEDTLS_HAVE_TIME)
needed += 8; /* ticket_creation_time or ticket_reception_time */
@@ -2534,6 +2538,10 @@
MBEDTLS_PUT_UINT32_BE(session->max_early_data_size, p, 0);
p += 4;
#endif
+#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
+ MBEDTLS_PUT_UINT16_BE(session->record_size_limit, p, 0);
+ p += 2;
+#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */
#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C)
if (session->endpoint == MBEDTLS_SSL_IS_SERVER) {
@@ -2610,6 +2618,13 @@
session->max_early_data_size = MBEDTLS_GET_UINT32_BE(p, 0);
p += 4;
#endif
+#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
+ if (end - p < 2) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
+ session->record_size_limit = MBEDTLS_GET_UINT16_BE(p, 0);
+ p += 2;
+#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */
#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C)
if (session->endpoint == MBEDTLS_SSL_IS_SERVER) {
@@ -3458,6 +3473,7 @@
size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN;
#if !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) && \
+ !defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) && \
!defined(MBEDTLS_SSL_PROTO_DTLS)
(void) ssl;
#endif
@@ -3470,6 +3486,14 @@
}
#endif
+#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
+ const size_t record_size_limit = mbedtls_ssl_get_output_record_size_limit(ssl);
+
+ if (max_len > record_size_limit) {
+ max_len = record_size_limit;
+ }
+#endif
+
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if (mbedtls_ssl_get_current_mtu(ssl) != 0) {
const size_t mtu = mbedtls_ssl_get_current_mtu(ssl);
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 052df7e..1a246c4 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -2113,12 +2113,11 @@
ret = mbedtls_ssl_tls13_parse_record_size_limit_ext(
ssl, p, p + extension_data_len);
-
- /* TODO: Return unconditionally here until we handle the record
- * size limit correctly. Once handled correctly, only return in
- * case of errors. */
- return ret;
-
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(
+ 1, ("mbedtls_ssl_tls13_parse_record_size_limit_ext"), ret);
+ return ret;
+ }
break;
#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index cc77a94..7c7aac8 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -1714,7 +1714,7 @@
MBEDTLS_SSL_DEBUG_MSG(2, ("RecordSizeLimit: %u Bytes", record_size_limit));
- /* RFC 8449, section 4
+ /* RFC 8449, section 4:
*
* Endpoints MUST NOT send a "record_size_limit" extension with a value
* smaller than 64. An endpoint MUST treat receipt of a smaller value
@@ -1727,13 +1727,47 @@
return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
}
- MBEDTLS_SSL_DEBUG_MSG(
- 2, ("record_size_limit extension is still in development. Aborting handshake."));
+ ssl->session_negotiate->record_size_limit = record_size_limit;
- MBEDTLS_SSL_PEND_FATAL_ALERT(
- MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT,
- MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION);
- return MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION;
+ return 0;
+}
+
+static inline size_t ssl_compute_internal_record_size_limit(size_t record_size_limit)
+{
+ /* RFC 8449, section 4:
+ *
+ * This value [record_size_limit] is the length of the plaintext of a protected record.
+ * The value includes the content type and padding added in TLS 1.3 (that is, the complete
+ * length of TLSInnerPlaintext).
+ *
+ * Thus, round down to a multiple of MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
+ * and subtract 1 (for the content type that will be added later)
+ */
+ return ((record_size_limit / MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) *
+ MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) - 1;
+}
+
+size_t mbedtls_ssl_get_output_record_size_limit(const mbedtls_ssl_context *ssl)
+{
+ const size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN;
+ size_t record_size_limit = max_len;
+
+ if (ssl->session != NULL &&
+ ssl->session->record_size_limit >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN &&
+ ssl->session->record_size_limit < max_len) {
+ record_size_limit = ssl_compute_internal_record_size_limit(ssl->session->record_size_limit);
+ }
+
+ // TODO: this is currently untested
+ /* During a handshake, use the value being negotiated */
+ if (ssl->session_negotiate != NULL &&
+ ssl->session_negotiate->record_size_limit >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN &&
+ ssl->session_negotiate->record_size_limit < max_len) {
+ record_size_limit = ssl_compute_internal_record_size_limit(
+ ssl->session_negotiate->record_size_limit);
+ }
+
+ return record_size_limit;
}
#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index bfe805f..9e2cbbf 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1699,14 +1699,11 @@
ret = mbedtls_ssl_tls13_parse_record_size_limit_ext(
ssl, p, extension_data_end);
-
- /*
- * TODO: Return unconditionally here until we handle the record
- * size limit correctly.
- * Once handled correctly, only return in case of errors.
- */
- return ret;
-
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(
+ 1, ("mbedtls_ssl_tls13_parse_record_size_limit_ext"), ret);
+ return ret;
+ }
break;
#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index c96128b..8f90345 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -3520,7 +3520,7 @@
mbedtls_printf(" [ Record expansion is unknown ]\n");
}
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) || defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
mbedtls_printf(" [ Maximum incoming record payload length is %u ]\n",
(unsigned int) mbedtls_ssl_get_max_in_record_payload(&ssl));
mbedtls_printf(" [ Maximum outgoing record payload length is %u ]\n",
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 462597b..27e020d 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -5709,11 +5709,8 @@
msg "test_suite_ssl: TLS 1.3 only, record size limit extension enabled"
cd tests; ./test_suite_ssl; cd ..
- msg "ssl-opt.sh: (TLS 1.3 only, record size limit extension tests only)"
- # Both the server and the client will currently abort the handshake when they encounter the
- # record size limit extension. There is no way to prevent gnutls-cli from sending the extension
- # which makes all G_NEXT_CLI + P_SRV tests fail. Thus, run only the tests for the this extension.
- tests/ssl-opt.sh -f "Record Size Limit"
+ msg "ssl-opt.sh: (TLS 1.3 only, record size limit extension enabled)"
+ tests/ssl-opt.sh
}
component_build_mingw () {
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 4762285..427849d 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -4837,22 +4837,24 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
-run_test "Record Size Limit: TLS 1.3: Server-side parsing, debug output and fatal alert" \
+run_test "Record Size Limit: TLS 1.3: Server-side parsing and debug output" \
"$P_SRV debug_level=3 force_version=tls13" \
"$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4" \
- 1 \
+ 0 \
-c "Preparing extension (Record Size Limit/28) for 'client hello'" \
-c "Sending extension Record Size Limit/28 (2 bytes)" \
-s "ClientHello: record_size_limit(28) extension received."\
-s "found record_size_limit extension" \
-s "RecordSizeLimit: 16385 Bytes" \
- -c "Received alert \[110]: An unsupported extension was sent"
+ -s "ClientHello: record_size_limit(28) extension exists." \
+ -s "Maximum outgoing record payload length is 16384" \
+ -s "bytes written in 1 fragments"
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
-run_test "Record Size Limit: TLS 1.3: Client-side parsing, debug output and fatal alert" \
+run_test "Record Size Limit: TLS 1.3: Client-side parsing and debug output" \
"$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert -d 4" \
"$P_CLI debug_level=4 force_version=tls13" \
0 \
@@ -4863,8 +4865,162 @@
# -s "Sending extension Record Size Limit/28 (2 bytes)" \
# -c "EncryptedExtensions: record_size_limit(28) extension received."\
# -c "found record_size_limit extension" \
-# -c "RecordSizeLimit: 16385 Bytes" \
-# -s "Received alert \[110]: An unsupported extension was sent"
+# -c "RecordSizeLimit: 16385 Bytes"
+
+# In the following (9) tests, --recordsize is the value used by the G_NEXT_CLI (3.7.2) to configure the
+# maximum record size using "https://gnutls.org/reference/gnutls-gnutls.html#gnutls-record-set-max-size".
+# There is currently a lower limit of 512, caused by this function not respecting the
+# "%ALLOW_SMALL_RECORDS" priority string and not using the more recent function
+# https://gnutls.org/reference/gnutls-gnutls.html#gnutls-record-set-max-recv-size.
+# There is currently an upper limit of 4096, caused by the cli arg parser:
+# https://gitlab.com/gnutls/gnutls/-/blob/3.7.2/src/cli-args.def#L395.
+# Thus, these tests are currently limit to that value range.
+# Moreover, the value sent in the extension is expected to be larger by one compared
+# to the value passed on the cli:
+# https://gitlab.com/gnutls/gnutls/-/blob/3.7.2/lib/ext/record_size_limit.c#L142
+requires_gnutls_tls1_3
+requires_gnutls_record_size_limit
+requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
+run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 1 fragment" \
+ "$P_SRV debug_level=3 force_version=tls13 response_size=256" \
+ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 512" \
+ 0 \
+ -c "Preparing extension (Record Size Limit/28) for 'client hello'" \
+ -c "Sending extension Record Size Limit/28 (2 bytes)" \
+ -s "ClientHello: record_size_limit(28) extension received."\
+ -s "found record_size_limit extension" \
+ -s "RecordSizeLimit: 513 Bytes" \
+ -s "ClientHello: record_size_limit(28) extension exists." \
+ -s "Maximum outgoing record payload length is 511" \
+ -s "256 bytes written in 1 fragments"
+
+requires_gnutls_tls1_3
+requires_gnutls_record_size_limit
+requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
+run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 2 fragments" \
+ "$P_SRV debug_level=3 force_version=tls13 response_size=768" \
+ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 512" \
+ 0 \
+ -c "Preparing extension (Record Size Limit/28) for 'client hello'" \
+ -c "Sending extension Record Size Limit/28 (2 bytes)" \
+ -s "ClientHello: record_size_limit(28) extension received."\
+ -s "found record_size_limit extension" \
+ -s "RecordSizeLimit: 513 Bytes" \
+ -s "ClientHello: record_size_limit(28) extension exists." \
+ -s "Maximum outgoing record payload length is 511" \
+ -s "768 bytes written in 2 fragments"
+
+requires_gnutls_tls1_3
+requires_gnutls_record_size_limit
+requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
+run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 3 fragments" \
+ "$P_SRV debug_level=3 force_version=tls13 response_size=1280" \
+ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 512" \
+ 0 \
+ -c "Preparing extension (Record Size Limit/28) for 'client hello'" \
+ -c "Sending extension Record Size Limit/28 (2 bytes)" \
+ -s "ClientHello: record_size_limit(28) extension received."\
+ -s "found record_size_limit extension" \
+ -s "RecordSizeLimit: 513 Bytes" \
+ -s "ClientHello: record_size_limit(28) extension exists." \
+ -s "Maximum outgoing record payload length is 511" \
+ -s "1280 bytes written in 3 fragments"
+
+requires_gnutls_tls1_3
+requires_gnutls_record_size_limit
+requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
+run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (1024), 1 fragment" \
+ "$P_SRV debug_level=3 force_version=tls13 response_size=512" \
+ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 1023" \
+ 0 \
+ -c "Preparing extension (Record Size Limit/28) for 'client hello'" \
+ -c "Sending extension Record Size Limit/28 (2 bytes)" \
+ -s "ClientHello: record_size_limit(28) extension received."\
+ -s "found record_size_limit extension" \
+ -s "RecordSizeLimit: 1024 Bytes" \
+ -s "ClientHello: record_size_limit(28) extension exists." \
+ -s "Maximum outgoing record payload length is 1023" \
+ -s "512 bytes written in 1 fragments"
+
+requires_gnutls_tls1_3
+requires_gnutls_record_size_limit
+requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
+run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (1024), 2 fragments" \
+ "$P_SRV debug_level=3 force_version=tls13 response_size=1536" \
+ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 1023" \
+ 0 \
+ -c "Preparing extension (Record Size Limit/28) for 'client hello'" \
+ -c "Sending extension Record Size Limit/28 (2 bytes)" \
+ -s "ClientHello: record_size_limit(28) extension received."\
+ -s "found record_size_limit extension" \
+ -s "RecordSizeLimit: 1024 Bytes" \
+ -s "ClientHello: record_size_limit(28) extension exists." \
+ -s "Maximum outgoing record payload length is 1023" \
+ -s "1536 bytes written in 2 fragments"
+
+requires_gnutls_tls1_3
+requires_gnutls_record_size_limit
+requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
+run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (1024), 3 fragments" \
+ "$P_SRV debug_level=3 force_version=tls13 response_size=2560" \
+ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 1023" \
+ 0 \
+ -c "Preparing extension (Record Size Limit/28) for 'client hello'" \
+ -c "Sending extension Record Size Limit/28 (2 bytes)" \
+ -s "ClientHello: record_size_limit(28) extension received."\
+ -s "found record_size_limit extension" \
+ -s "RecordSizeLimit: 1024 Bytes" \
+ -s "ClientHello: record_size_limit(28) extension exists." \
+ -s "Maximum outgoing record payload length is 1023" \
+ -s "2560 bytes written in 3 fragments"
+
+requires_gnutls_tls1_3
+requires_gnutls_record_size_limit
+requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
+run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (4096), 1 fragment" \
+ "$P_SRV debug_level=3 force_version=tls13 response_size=2048" \
+ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \
+ 0 \
+ -c "Preparing extension (Record Size Limit/28) for 'client hello'" \
+ -c "Sending extension Record Size Limit/28 (2 bytes)" \
+ -s "ClientHello: record_size_limit(28) extension received."\
+ -s "found record_size_limit extension" \
+ -s "RecordSizeLimit: 4096 Bytes" \
+ -s "ClientHello: record_size_limit(28) extension exists." \
+ -s "Maximum outgoing record payload length is 4095" \
+ -s "2048 bytes written in 1 fragments"
+
+requires_gnutls_tls1_3
+requires_gnutls_record_size_limit
+requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
+run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (4096), 2 fragments" \
+ "$P_SRV debug_level=3 force_version=tls13 response_size=6144" \
+ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \
+ 0 \
+ -c "Preparing extension (Record Size Limit/28) for 'client hello'" \
+ -c "Sending extension Record Size Limit/28 (2 bytes)" \
+ -s "ClientHello: record_size_limit(28) extension received."\
+ -s "found record_size_limit extension" \
+ -s "RecordSizeLimit: 4096 Bytes" \
+ -s "ClientHello: record_size_limit(28) extension exists." \
+ -s "Maximum outgoing record payload length is 4095" \
+ -s "6144 bytes written in 2 fragments"
+
+requires_gnutls_tls1_3
+requires_gnutls_record_size_limit
+requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
+run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (4096), 3 fragments" \
+ "$P_SRV debug_level=3 force_version=tls13 response_size=10240" \
+ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \
+ 0 \
+ -c "Preparing extension (Record Size Limit/28) for 'client hello'" \
+ -c "Sending extension Record Size Limit/28 (2 bytes)" \
+ -s "ClientHello: record_size_limit(28) extension received."\
+ -s "found record_size_limit extension" \
+ -s "RecordSizeLimit: 4096 Bytes" \
+ -s "ClientHello: record_size_limit(28) extension exists." \
+ -s "Maximum outgoing record payload length is 4095" \
+ -s "10240 bytes written in 3 fragments"
# Tests for renegotiation