From 7d343ecf06c45d8d99d3fd8bd7368a5b4f737e14 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Mon, 4 May 2020 12:29:05 +0100
Subject: [PATCH] Add note on inner plaintext parsing to ssl_transform documentation

Signed-off-by: Hanno Becker
---
 include/mbedtls/ssl_internal.h | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index e92381c33..cd881eb02 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -554,6 +554,10 @@ typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer;
 * time with the 8-byte record sequence number, without prepending the
 * latter to the encrypted record.
 *
+ * Additionally, DTLS 1.2 + CID as well as TLS 1.3 use an inner plaintext
+ * which allows to add flexible length padding and to hide a record's true
+ * content type.
+ *
 * In addition to type and version, the following parameters are relevant:
 * - The symmetric cipher algorithm to be used.
 * - The (static) encryption/decryption keys for the cipher.
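Review bot: The added paragraph says what the inner plaintext is for, but not what it means for code that uses the transform: when the true content type is hidden, the type in the record header cannot be relied on, and the real type is only known after decryption once the padding has been removed. Since the subject line mentions inner plaintext parsing, consider adding one sentence such as `In this case, the record's true content type is only known after decryption and removal of the padding.` As a wording point, "which allows to add" reads better as `which allows adding flexible-length padding and hiding a record's true content type`. The comment block starts and ends outside the hunk, so lines not visible here may already cover the parsing side.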