iPXE discussion forum

Full Version: TLS received oversize handshake
Hi All,
Our Red Hat OpenShift/Kubernetes servers appear to have been upgraded over the last few days and iPXE started giving me the following error. I've pulled the latest sources and compiled with DEBUG=tls:1 and disabled OCSP.

Here's a screen dump of the error with tls debug enabled:

https://pasteboard.co/I6XJBPp.png

Any thoughts hugely appreciated. I can provide packet traces if that helps too.

Cheers,

Doug
(2019-03-24 23:33) dscoular@gmail.com wrote:
Our Red Hat OpenShift/Kubernetes servers appear to have been upgraded over the last few days and iPXE started giving me the following error. I've pulled the latest sources and compiled with DEBUG=tls:1 and disabled OCSP.

Here's a screen dump of the error with tls debug enabled:

https://pasteboard.co/I6XJBPp.png

Any thoughts hugely appreciated. I can provide packet traces if that helps too.

There was a recent feature enhancement to add support for RFC5077 stateless session resumption (aka session tickets). This may cause the server to send a longer ServerHello message, and it's plausible that this causes the handshake message to be split across multiple records. iPXE doesn't currently handle TLS record reassembly and would instead give the message that you are seeing.

Michael
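
The reply above turns on a handshake message being split across several TLS records. The following is an added example, not iPXE code and not from either poster: a bounded reassembler that buffers handshake fragments until a whole message is present. It assumes plaintext TLS 1.2 record framing; `MAX_HS`, `hs_reasm`, `hs_feed` and `hs_parse_stream` are hypothetical names, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <string.h>

#define TLS_TYPE_HANDSHAKE 22
#define MAX_HS 4096 /* assumed reassembly cap for this example */

struct hs_reasm {
    uint8_t buf[MAX_HS]; /* handshake bytes not yet consumed */
    size_t len;          /* bytes buffered */
    int recs;            /* records contributing to the pending message */
    int complete;        /* handshake messages fully reassembled */
    int spanned;         /* of those, how many crossed a record boundary */
};

/* Constructed sample: ServerHello (2) split over two records, then ServerHelloDone (14). */
static const uint8_t sample[] = {
    22, 3, 3, 0, 6,  2, 0, 0, 6, 0xaa, 0xbb,
    22, 3, 3, 0, 8,  0xcc, 0xdd, 0xee, 0xff, 14, 0, 0, 0 };

/* Append one handshake record payload, then drain complete messages. */
static int hs_feed(struct hs_reasm *r, const uint8_t *frag, size_t flen) {
    if (flen == 0 || flen > MAX_HS - r->len) return -1; /* empty or overflow */
    memcpy(r->buf + r->len, frag, flen);
    r->len += flen;
    r->recs++;
    while (r->len >= 4) { /* handshake header: type(1) + length(3) */
        size_t mlen = 4 + (((size_t)r->buf[1] << 16) |
                           ((size_t)r->buf[2] << 8) | r->buf[3]);
        if (mlen > MAX_HS) return -1; /* declared length exceeds the cap */
        if (r->len < mlen) break;     /* rest arrives in a later record */
        r->complete++;
        if (r->recs > 1) r->spanned++;
        memmove(r->buf, r->buf + mlen, r->len - mlen);
        r->len -= mlen;
        r->recs = r->len ? 1 : 0;     /* leftover came from this record */
    }
    return 0;
}

/* Walk back-to-back TLS records; non-handshake records are skipped. */
int hs_parse_stream(struct hs_reasm *r, const uint8_t *p, size_t n) {
    for (; n >= 5; ) { /* record header: type, version(2), length(2) */
        size_t rlen = ((size_t)p[3] << 8) | p[4];
        if (rlen > n - 5) return -1; /* truncated record */
        if (p[0] == TLS_TYPE_HANDSHAKE && hs_feed(r, p + 5, rlen) < 0) return -1;
        p += 5 + rlen; n -= 5 + rlen;
    }
    return n ? -1 : 0;
}
```

Zero a `struct hs_reasm` and call `hs_parse_stream(&r, sample, sizeof sample)`; on the sample it reports two complete messages, one of which spanned records. The cap check on the declared length keeps a peer from forcing unbounded buffering.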