TLS received oversize handshake
2019-03-25, 01:22
Post: #2
RE: TLS received oversize handshake
(2019-03-24 23:33) Wrote:  Our Red Hat OpenShift/Kubernetes servers appear to have been upgraded over the last few days and iPXE started giving me the following error. I've pulled the latest sources and compiled with DEBUG=tls:1 and disabled OCSP.

Here's a screen dump of the error with tls debug enabled:

Any thoughts hugely appreciated. I can provide packet traces if that helps too.

There was a recent feature enhancement to add support for RFC5077 stateless session resumption (aka session tickets). This may cause the server to send a longer ServerHello message, and it's plausible that this causes the handshake message to be split across multiple records. iPXE doesn't currently handle TLS record reassembly and would instead give the message that you are seeing.


Messages In This Thread
RE: TLS received oversize handshake - mcb30 - 2019-03-25 01:22
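
The reply above attributes the error to a handshake message being split across several TLS records. The following is an added example, not iPXE's code and not from the thread, of buffering handshake-record payloads and extracting complete messages under a fixed size cap; `hs_reasm`, `hs_feed`, `hs_next`, the `HS_MAX` value and the sample bytes are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HS_MAX 4096 /* assumed cap on buffered handshake bytes */
struct hs_reasm { uint8_t buf[HS_MAX]; size_t len; };

/* Append the payload of one handshake record (content type 22).
 * Returns -1 rather than buffering past the cap. */
int hs_feed(struct hs_reasm *r, const uint8_t *frag, size_t n) {
    if (n > HS_MAX - r->len) return -1;
    memcpy(r->buf + r->len, frag, n);
    r->len += n;
    return 0;
}

/* Pop one complete message (1-byte type, 3-byte length, body) into out.
 * Returns its size, 0 if more records are needed, -1 if it cannot fit. */
long hs_next(struct hs_reasm *r, uint8_t *out, size_t out_max) {
    size_t total;
    if (r->len < 4) return 0;
    total = 4 + (((size_t)r->buf[1] << 16) | ((size_t)r->buf[2] << 8) | r->buf[3]);
    if (total > HS_MAX || total > out_max) return -1;
    if (r->len < total) return 0;
    memcpy(out, r->buf, total);
    memmove(r->buf, r->buf + total, r->len - total);
    r->len -= total;
    return (long)total;
}

/* Constructed sample: a ServerHello (type 2) with a 6-byte placeholder body
 * split across two records; record 2 also carries ServerHelloDone (type 14).
 * Record 3 is a header declaring a 65536-byte body, which exceeds the cap. */
static const uint8_t rec1[] = { 0x02, 0x00, 0x00, 0x06, 0xaa, 0xbb };
static const uint8_t rec2[] = { 0xcc, 0xdd, 0xee, 0xff, 0x0e, 0x00, 0x00, 0x00 };
static const uint8_t rec3[] = { 0x02, 0x01, 0x00, 0x00 };

/* Feed the first nrecords sample records; return the number of complete
 * messages extracted, or -1 if a message was rejected as too large. */
int demo_messages_after(int nrecords) {
    struct hs_reasm r = { {0}, 0 };
    uint8_t msg[64];
    long n;
    int count = 0;
    if (nrecords >= 1 && hs_feed(&r, rec1, sizeof rec1) != 0) return -1;
    if (nrecords >= 2 && hs_feed(&r, rec2, sizeof rec2) != 0) return -1;
    if (nrecords >= 3 && hs_feed(&r, rec3, sizeof rec3) != 0) return -1;
    while ((n = hs_next(&r, msg, sizeof msg)) > 0) count++;
    return n < 0 ? -1 : count;
}
```

After the first record alone no message is complete; the second record completes the ServerHello and delivers a second message in the same payload, and the third is rejected by the size check before any further buffering.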
