
Customizing the Maximum Fragment Length Negotiation (MFLN) extension
It might be desirable for constrained TLS clients to negotiate a smaller maximum fragment length due to memory limitations or bandwidth limitations. To negotiate smaller maximum fragment lengths, clients can include an extension of type max_fragment_length in the (extended) ClientHello message.
After a maximum fragment length is successfully negotiated, the TLS client and server can immediately begin fragmenting messages (including handshake messages) to ensure that no fragment larger than the negotiated length is sent. For more information, see RFC 6066.
Use the jsse.enableMFLNExtension system property to enable or disable the MFLN extension for TLS, as described in the following table:
System Property | Description |
---|---|
jsse.enableMFLNExtension=true | Enable the MFLN extension. If the returned value of SSLParameters.getMaximumPacketSize() is less than (2^12 + header-size), the maximum fragment length negotiation extension is enabled. |
jsse.enableMFLNExtension=false | Disable the MFLN extension (default setting). |
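
To confirm that a client configuration actually offers the extension, the following added example (not part of the original documentation) enables the property, lowers the maximum packet size, and parses the ClientHello that the first wrap() call produces. The class name MflnCheck, the host name server.example and the packet size 4096 are constructed for illustration, and the parser assumes the whole ClientHello fits in the first TLS record.

```java
import java.nio.ByteBuffer;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

public class MflnCheck {
    static void skip(ByteBuffer b, int n) { b.position(b.position() + n); }

    // Returns the max_fragment_length code (1..4 means 2^9..2^12 bytes, RFC 6066)
    // offered in a ClientHello record, or -1 if extension type 1 is absent.
    static int mflnCode(ByteBuffer rec) {
        if (rec.get(0) != 22 || rec.get(5) != 1) return -1; // not handshake/ClientHello
        skip(rec, 5 + 4 + 2 + 32);           // record hdr, handshake hdr, version, random
        skip(rec, rec.get() & 0xff);         // session_id
        skip(rec, rec.getShort() & 0xffff);  // cipher_suites
        skip(rec, rec.get() & 0xff);         // compression_methods
        if (rec.remaining() < 2) return -1;  // no extensions block at all
        int end = Math.min((rec.getShort() & 0xffff) + rec.position(), rec.limit());
        while (rec.position() + 4 <= end) {
            int type = rec.getShort() & 0xffff;
            int len = rec.getShort() & 0xffff;
            if (type == 1 && len == 1) return rec.get() & 0xff;
            skip(rec, len);
        }
        return -1;
    }

    public static void main(String[] args) throws Exception {
        // Set before any JSSE class is used, or pass -Djsse.enableMFLNExtension=true.
        System.setProperty("jsse.enableMFLNExtension", "true");

        // Constructed peer name; no network connection is made.
        SSLEngine engine = SSLContext.getDefault().createSSLEngine("server.example", 443);
        engine.setUseClientMode(true);
        SSLParameters params = engine.getSSLParameters();
        params.setMaximumPacketSize(4096);   // constructed value, below 2^12 + header-size
        engine.setSSLParameters(params);

        ByteBuffer net = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
        engine.wrap(ByteBuffer.allocate(0), net);   // first wrap() emits the ClientHello
        net.flip();

        int code = mflnCode(net);
        System.out.println(code < 0 ? "MFLN not offered"
                                    : "MFLN offered: 2^" + (8 + code) + " bytes");
    }
}
```

Running the same class with the property set to false, or without calling setMaximumPacketSize, shows whether the extension disappears from the ClientHello as the table describes.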
