Synss / python-mbedtls

Cryptographic library with an mbed TLS back end
MIT License

Possibility to change MTU (max_frag_len) fragmentation size. #82

Closed ratelwork closed 1 year ago

ratelwork commented 1 year ago

I am submitting a …

Description

It would be very nice to have the possibility to change the maximum DTLS fragment size. In ssl_server2 with dtls=1 this parameter can be changed via max_frag_len=512, but it supports only the constant values 512, 1024, 2048, 4096. In my use case I need max_frag_len=380. Is there some possibility to change it now? (At least I did not find anything related to that in the source code.)

  1. programs/server.py --dtls --max_frag_len 380
  2. programs/client.py --dtls --max_frag_len 380

Minimal demo of the problem

>>> import mbedtls
...
        conf = DTLSConfiguration(
            pre_shared_key_store=args.psk_store, 
            validate_certificates=False,
            max_frag_len=380,
        )

Synss commented 1 year ago

Currently, it isn't possible but wrapping mbedtls_ssl_set_mtu or mbedtls_ssl_conf_max_frag_len, or both should be simple enough.

These are the relevant options, right?

Synss commented 1 year ago

If I'm not mistaken, upstream only allows the values you already noted: 512, 1024, 2048, and 4096. So it can't be set to 380. See https://github.com/Mbed-TLS/mbedtls/blob/development/include/mbedtls/ssl.h#L4230C1-L4232

ratelwork commented 1 year ago

If I got that right, only mbedtls_ssl_conf_max_frag_len is limited to constant values. mbedtls_ssl_set_mtu allows any integer value to be used.

Synss commented 1 year ago

Yes, I think you're right. Reopening.

Synss commented 1 year ago

Both functions are wrapped now in the library and they will be available in the next release. If you need the functionality faster, you should compile the library yourself, have a look under scripts/ for examples. I do not really plan to modify the example programs but that should be simple enough.

ratelwork commented 1 year ago

Thanks a lot! Approximately, when do you plan to make a new release?

Synss commented 1 year ago

It should come in the next few days.

Synss commented 1 year ago

2.7.0 is out on https://pypi.org/project/python-mbedtls/
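
An added example, not part of the thread and not python-mbedtls code: it shows why the four constants discussed above are the only negotiable values, by encoding and validating the RFC 6066 max_fragment_length extension, whose payload is a one-byte enum. The function names and the `plan` helper are hypothetical; the extension type and enum codes come from RFC 6066.

```python
import struct

# RFC 6066 section 4: max_fragment_length is a one-byte enum, so only four
# sizes can be negotiated (the values mbedtls_ssl_conf_max_frag_len accepts).
MFL_CODES = {1: 512, 2: 1024, 3: 2048, 4: 4096}
EXT_MAX_FRAGMENT_LENGTH = 1  # extension type assigned by RFC 6066


def encode_mfl_extension(size):
    """Return the extension bytes for `size`, or raise if it has no code."""
    for code, length in MFL_CODES.items():
        if length == size:
            # type (2 bytes) | extension_data length (2 bytes) | enum (1 byte)
            return struct.pack("!HHB", EXT_MAX_FRAGMENT_LENGTH, 1, code)
    raise ValueError(f"{size} has no max_fragment_length code")


def decode_mfl_extension(data):
    """Parse one max_fragment_length extension and return the size in bytes."""
    if len(data) != 5:
        raise ValueError("malformed extension")
    ext_type, ext_len, code = struct.unpack("!HHB", data)
    if ext_type != EXT_MAX_FRAGMENT_LENGTH or ext_len != 1 or code not in MFL_CODES:
        raise ValueError("illegal_parameter")
    return MFL_CODES[code]


def check_server_echo(offered, echoed):
    """Client-side check: the server must echo exactly the offered length."""
    size = decode_mfl_extension(offered)
    if decode_mfl_extension(echoed) != size:
        raise ValueError("illegal_parameter: server changed max_fragment_length")
    return size


def plan(limit):
    """Hypothetical helper: decide how a byte limit can be enforced.

    Returns ("mfl", limit) when the value is negotiable on the wire, else
    ("mtu", limit): an MTU is a local setting that caps the whole datagram
    (record headers included), so it is not tied to the enum.
    """
    return ("mfl", limit) if limit in MFL_CODES.values() else ("mtu", limit)
```

Because the MTU counts record overhead as well as payload, a 380-byte MTU leaves less than 380 bytes of application data per datagram.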