wolfssl
TLS/DTLS Zero-length fragments of Application Data
Version
master
Description
The TLS 1.2 and 1.3 RFCs say "Zero-length fragments of Application Data MAY be sent, as they are potentially useful as a traffic analysis countermeasure".
I couldn't find any equivalent spec for DTLS, and since UDP datagrams without payload exist it should definitely be allowed also in DTLS.
I have tested that when calling wolfSSL_write with sz == 0 no transmission takes place.
I believe this is not compliant.
I think also the documentation for wolfSSL_write should be explicit about what happens or not if sz == 0.
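The record-layer rule quoted in the report, as an added example that is not part of the original post and is not wolfSSL code: a classifier for one plaintext record that accepts an empty Application Data fragment and rejects empty fragments of other content types. The rejection rule comes from RFC 5246 section 6.2.1 rather than from this thread; the function name, status enum and sample records are constructed here, and applying the same rule to the DTLS 1.2 header is an assumption taken from the report.

```c
#include <stddef.h>
#include <stdint.h>

/* Plaintext record content types (RFC 5246, section 6.2.1). */
enum { CT_CCS = 20, CT_ALERT = 21, CT_HANDSHAKE = 22, CT_APPDATA = 23 };

typedef enum {
    FRAG_OK,             /* non-empty fragment, well-formed */
    FRAG_EMPTY_APPDATA,  /* zero-length application data: permitted */
    FRAG_EMPTY_REJECT,   /* zero-length handshake/alert/CCS: MUST NOT be sent */
    FRAG_MALFORMED       /* truncated, oversized, or unknown content type */
} frag_status;

/* Classify one plaintext record; rec/len must cover exactly one record.
 * is_dtls selects the 13-byte DTLS 1.2 header (epoch + 48-bit sequence number)
 * instead of the 5-byte TLS header. Treating DTLS like TLS is an assumption. */
frag_status classify_fragment(const uint8_t *rec, size_t len, int is_dtls)
{
    size_t hdr = is_dtls ? 13 : 5;
    size_t frag_len;

    if (rec == NULL || len < hdr)
        return FRAG_MALFORMED;
    if (rec[0] < CT_CCS || rec[0] > CT_APPDATA)
        return FRAG_MALFORMED;

    /* The 16-bit fragment length is always the last two header bytes. */
    frag_len = ((size_t)rec[hdr - 2] << 8) | rec[hdr - 1];
    if (frag_len > 16384 || len != hdr + frag_len)
        return FRAG_MALFORMED;

    if (frag_len == 0)
        return rec[0] == CT_APPDATA ? FRAG_EMPTY_APPDATA : FRAG_EMPTY_REJECT;
    return FRAG_OK;
}

/* Constructed sample records (not captured traffic). */
static const uint8_t tls_empty_app[]  = { 23, 0x03, 0x03, 0x00, 0x00 };
static const uint8_t tls_empty_hs[]   = { 22, 0x03, 0x03, 0x00, 0x00 };
static const uint8_t tls_app_2[]      = { 23, 0x03, 0x03, 0x00, 0x02, 'h', 'i' };
static const uint8_t dtls_empty_app[] = { 23, 0xFE, 0xFD, 0, 1, 0, 0, 0, 0, 0, 7, 0, 0 };

int main(void)
{
    return !(classify_fragment(tls_empty_app, sizeof tls_empty_app, 0) == FRAG_EMPTY_APPDATA
          && classify_fragment(tls_empty_hs, sizeof tls_empty_hs, 0) == FRAG_EMPTY_REJECT
          && classify_fragment(tls_app_2, sizeof tls_app_2, 0) == FRAG_OK
          && classify_fragment(dtls_empty_app, sizeof dtls_empty_app, 1) == FRAG_EMPTY_APPDATA);
}
```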
Thank you @nunojpg. I understand that you are trying to use wolfSSL_write where sz is zero in DTLS. I will need to go back to my team to get an appropriate response back to you. Please stay tuned.
Warm regards, Anthony
Hi @nunojpg. Do you need the feature of writing with sz == 0? If so, may I ask what you would like to do with this feature?
Nothing essential. It's just the canonical form to provide a binary command. One of the states is the empty payload.
Just want to confirm what is the support status. Wouldn't go out of my way to implement it.
@nunojpg, thank you for your honest feedback. I will look for an appropriate place to add a comment saying that when sz is zero no transmission will occur and add it soon. Please stay tuned. Warm regards, Anthony
Oh... This is interesting: our documentation indicates returning zero is an error. This will be a bit more than a one-line fix.