

3.6 TLS Extensions

A number of extensions to the TLS protocol have been proposed, mainly in [TLSEXT] (see Bibliography). The extensions supported in GnuTLS are:

  * Maximum Fragment Length Negotiation
  * Server Name Indication
  * Session Tickets

and they are discussed in the subsections that follow.

3.6.1 Maximum Fragment Length Negotiation

This extension allows a TLS implementation to negotiate a maximum record (fragment) length smaller than the protocol default of 2^14 bytes; the values that can be negotiated are 2^9, 2^10, 2^11 and 2^12 bytes. This may be useful to clients with constrained memory, which would otherwise have to buffer a full-size record before it can be processed. See the gnutls_record_set_max_size and gnutls_record_get_max_size functions.

3.6.2 Server Name Indication

A common problem in HTTPS servers is that the TLS protocol is not aware of the hostname a client is connecting to when the handshake begins. A server that hosts several names on one address therefore has no way to know which certificate to send.

This extension solves that problem within the TLS protocol: the client includes the hostname it intends to reach in its first handshake message, the client hello, so the server can select the matching certificate before replying. Note that the name is sent unencrypted, since no keys have been established at that point. The functions gnutls_server_name_set and gnutls_server_name_get can be used to enable this extension on the client side, or to retrieve the name sent by a client on the server side.
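The following Python program is an added example, not part of GnuTLS; it encodes and parses the two extensions described above (the Maximum Fragment Length value and the Server Name Indication list) in the client hello wire format given in [TLSEXT], applying the checks a server should make before acting on them: the extension block and every entry must be exactly as long as their length fields claim, an extension type may appear only once, a max_fragment_length code outside 1..4 is illegal, and a host_name must be a non-empty ASCII DNS name with no embedded NUL and no trailing dot. The type numbers 0 and 1, the one-byte codes and the list layout come from the RFC; the function names and the sample hostname are this example's own.

```python
import struct

# Extension type numbers (IANA TLS ExtensionType registry, defined in RFC 6066)
EXT_SERVER_NAME = 0
EXT_MAX_FRAGMENT_LENGTH = 1
SNI_HOST_NAME = 0                     # the only NameType defined so far
# max_fragment_length codes: 1..4 select 2^9..2^12 bytes; anything else is illegal_parameter
MFL_CODES = {1: 512, 2: 1024, 3: 2048, 4: 4096}
DEFAULT_FRAGMENT_LENGTH = 2 ** 14     # record plaintext limit when the extension is absent


class ExtensionError(ValueError):
    """Malformed or illegal extension data; a peer would abort the handshake."""


def _check_host_name(name: bytes) -> None:
    # host_name is a DNS name: ASCII only, no NUL, no trailing dot
    if not name or not name.isascii() or b"\x00" in name or name.endswith(b"."):
        raise ExtensionError("illegal host_name")


def encode_sni(hostname: str) -> bytes:
    """ServerNameList: 2-byte list length, then NameType(1) + length(2) + name."""
    name = hostname.encode("ascii")   # IDNs must be converted to A-labels first
    _check_host_name(name)
    entry = struct.pack("!BH", SNI_HOST_NAME, len(name)) + name
    return struct.pack("!H", len(entry)) + entry


def encode_mfl(fragment_length: int) -> bytes:
    """One-byte MaxFragmentLength enum."""
    for code, size in MFL_CODES.items():
        if size == fragment_length:
            return bytes([code])
    raise ValueError("max_fragment_length must be 512, 1024, 2048 or 4096")


def encode_extensions(exts) -> bytes:
    """Extension block as carried in the client hello: 2-byte total length, then type(2)+len(2)+data."""
    body = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    return struct.pack("!H", len(body)) + body


def parse_extensions(buf: bytes) -> dict:
    """Split an extension block into {type: data}; duplicate types are forbidden."""
    if len(buf) < 2:
        raise ExtensionError("truncated extensions length")
    (total,) = struct.unpack("!H", buf[:2])
    if total != len(buf) - 2:
        raise ExtensionError("extensions length does not match data")
    exts, pos = {}, 2
    while pos < len(buf):
        if pos + 4 > len(buf):
            raise ExtensionError("truncated extension header")
        ext_type, ext_len = struct.unpack("!HH", buf[pos:pos + 4])
        pos += 4
        if pos + ext_len > len(buf):
            raise ExtensionError("extension data overruns block")
        if ext_type in exts:
            raise ExtensionError("duplicate extension type %d" % ext_type)
        exts[ext_type] = buf[pos:pos + ext_len]
        pos += ext_len
    return exts


def parse_sni(data: bytes) -> str:
    """Return the host_name the client asked for; exactly one host_name entry is allowed."""
    if len(data) < 2:
        raise ExtensionError("truncated server_name list")
    (list_len,) = struct.unpack("!H", data[:2])
    if list_len == 0 or list_len != len(data) - 2:
        raise ExtensionError("bad server_name list length")
    host, pos = None, 2
    while pos < len(data):
        if pos + 3 > len(data):
            raise ExtensionError("truncated server_name entry")
        name_type, name_len = struct.unpack("!BH", data[pos:pos + 3])
        pos += 3
        name = data[pos:pos + name_len]
        if len(name) != name_len:
            raise ExtensionError("server_name entry overruns list")
        pos += name_len
        if name_type != SNI_HOST_NAME:
            continue                  # unknown NameTypes are skipped, not fatal
        if host is not None:
            raise ExtensionError("more than one host_name entry")
        _check_host_name(name)
        host = name.decode("ascii").lower()
    if host is None:
        raise ExtensionError("no host_name entry")
    return host


def parse_mfl(data: bytes) -> int:
    if len(data) != 1 or data[0] not in MFL_CODES:
        raise ExtensionError("illegal max_fragment_length value")
    return MFL_CODES[data[0]]


def negotiated_fragment_length(exts: dict) -> int:
    """Record size limit the server must enforce for this session."""
    if EXT_MAX_FRAGMENT_LENGTH in exts:
        return parse_mfl(exts[EXT_MAX_FRAGMENT_LENGTH])
    return DEFAULT_FRAGMENT_LENGTH


def is_rejected(parser, data: bytes) -> bool:
    """True when the parser refuses the data (exercises the error paths)."""
    try:
        parser(data)
    except ExtensionError:
        return True
    return False


if __name__ == "__main__":
    # constructed client hello extension block: SNI for www.example.com plus a 1024-byte fragment limit
    hello = encode_extensions([(EXT_SERVER_NAME, encode_sni("www.example.com")),
                               (EXT_MAX_FRAGMENT_LENGTH, encode_mfl(1024))])
    exts = parse_extensions(hello)
    print(hello.hex())
    print(parse_sni(exts[EXT_SERVER_NAME]), negotiated_fragment_length(exts))
```

A server that dispatches certificates on the SNI value should run these checks before any lookup, and the fragment length returned by negotiated_fragment_length must then be enforced on received records: a peer that negotiated 512 bytes and later sends a 16 KiB record is violating the agreement and the connection should be aborted rather than the record buffered.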

3.6.3 Session Tickets

To resume a TLS session the server normally has to store state for every session it may later resume. This complicates deployment, for instance across several load-balanced servers, and in typical situations the client could instead cache that information and send it back to the server. The Session Ticket extension implements this idea: the server encrypts and authenticates the session state under a key known only to itself and hands it to the client as an opaque ticket, which the client presents when it wants to resume. It is documented in RFC 5077 [TLSTKT] (see Bibliography).

Clients can enable support for TLS tickets with gnutls_session_ticket_enable_client. Servers use gnutls_session_ticket_key_generate to generate a ticket key and gnutls_session_ticket_enable_server to enable the extension. Clients then resume sessions with the ticket through the normal session resumption functions (see the section on resuming sessions). Because every ticket is protected only by the server's ticket key, that key must be kept as secret as the server's private key and should be rotated regularly: an attacker who obtains it can decrypt the state, and thus the traffic, of every session whose ticket was issued under it.
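As an added example, not GnuTLS code, the following Python sketch shows the ticket layout RFC 5077 section 4 recommends, key_name, IV, encrypted state and MAC, together with the key handling that makes tickets safe to deploy: the key_name lets a server that has rotated keys still redeem tickets issued under the previous key while rejecting older ones, the MAC is verified in constant time before anything is decrypted, and an issue timestamp inside the encrypted state enforces the advertised lifetime. The session state is a constructed byte string and the class and function names are this example's own. Because Python's standard library has no AES, the state is encrypted with an HMAC-SHA256 counter-mode keystream in place of the AES-128-CBC the RFC recommends; a real server should use AES as the RFC says. HMAC-SHA-256 for the MAC matches the RFC.

```python
import hmac
import os
import struct
import time
from hashlib import sha256

KEY_NAME_LEN, IV_LEN, MAC_LEN = 16, 16, 32   # field sizes from RFC 5077 section 4
TICKET_LIFETIME = 2 * 3600                   # seconds; what a server advertises as ticket_lifetime_hint


class TicketKey:
    """One server-side ticket key. key_name is an opaque identifier carried in the
    ticket so the server can find the right key; it must not reveal the key itself."""
    def __init__(self, key_name=None, enc_key=None, mac_key=None):
        self.key_name = key_name or os.urandom(KEY_NAME_LEN)
        self.enc_key = enc_key or os.urandom(32)
        self.mac_key = mac_key or os.urandom(32)
        if len(self.key_name) != KEY_NAME_LEN:
            raise ValueError("key_name must be 16 bytes")


class TicketKeyRing:
    """The current key issues tickets; a bounded number of retired keys may still redeem them."""
    def __init__(self, current: TicketKey, keep_previous: int = 1):
        self.keys = [current]
        self.keep_previous = keep_previous

    def rotate(self, new_key: TicketKey) -> None:
        self.keys = [new_key] + self.keys[:self.keep_previous]

    def lookup(self, key_name: bytes):
        return next((k for k in self.keys if k.key_name == key_name), None)


def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    # SUBSTITUTE for AES-128-CBC (no AES in the stdlib): HMAC-SHA256 driven in counter mode
    blocks = [hmac.new(key, iv + struct.pack("!I", ctr), sha256).digest()
              for ctr in range((n + 31) // 32)]
    return b"".join(blocks)[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def issue_ticket(ring: TicketKeyRing, session_state: bytes, now=None) -> bytes:
    """Build key_name | iv | len | encrypted_state | mac, always under the current key."""
    key = ring.keys[0]
    iv = os.urandom(IV_LEN)                                  # fresh IV per ticket
    issued = int(time.time() if now is None else now)
    plaintext = struct.pack("!I", issued) + session_state    # timestamp lets the server enforce lifetime
    encrypted = _xor(plaintext, _keystream(key.enc_key, iv, len(plaintext)))
    body = key.key_name + iv + struct.pack("!H", len(encrypted)) + encrypted
    return body + hmac.new(key.mac_key, body, sha256).digest()   # MAC covers every preceding field


def redeem_ticket(ring: TicketKeyRing, ticket: bytes, now=None):
    """Return the session state, or None when the server must fall back to a full handshake."""
    hdr = KEY_NAME_LEN + IV_LEN + 2
    if len(ticket) < hdr + MAC_LEN:
        return None
    key = ring.lookup(ticket[:KEY_NAME_LEN])
    if key is None:
        return None                                  # unknown or retired key: stale ticket, not an attack
    body, mac = ticket[:-MAC_LEN], ticket[-MAC_LEN:]
    expected = hmac.new(key.mac_key, body, sha256).digest()
    if not hmac.compare_digest(expected, mac):       # constant-time compare, before any decryption
        return None
    iv = body[KEY_NAME_LEN:KEY_NAME_LEN + IV_LEN]
    (enc_len,) = struct.unpack("!H", body[KEY_NAME_LEN + IV_LEN:hdr])
    encrypted = body[hdr:]
    if len(encrypted) != enc_len or enc_len < 4:
        return None
    plaintext = _xor(encrypted, _keystream(key.enc_key, iv, enc_len))
    (issued,) = struct.unpack("!I", plaintext[:4])
    now = int(time.time() if now is None else now)
    if not 0 <= now - issued <= TICKET_LIFETIME:
        return None                                  # expired, or issued in the future
    return plaintext[4:]


if __name__ == "__main__":
    ring = TicketKeyRing(TicketKey())
    state = b"constructed session state: master secret, cipher suite, client identity"
    ticket = issue_ticket(ring, state)
    print(len(ticket), "byte ticket; redeemed state matches:", redeem_ticket(ring, ticket) == state)
    ring.rotate(TicketKey())                         # previous key still redeems
    print("after one rotation:", redeem_ticket(ring, ticket) == state)
    ring.rotate(TicketKey())                         # now retired: client falls back to a full handshake
    print("after two rotations:", redeem_ticket(ring, ticket))
```

The order of checks in redeem_ticket is the point worth copying: key lookup, then MAC, then lengths, then decryption and expiry. Verifying the MAC before parsing the length field or touching the ciphertext means a forged or bit-flipped ticket is discarded without ever influencing the decryption path, and a ticket under a retired key is simply treated as absent, so rotation degrades to a full handshake rather than an error.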