diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 1d392ab31..f563437d1 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1392,18 +1392,25 @@ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, * example when a PMTU estimate becomes available from other * sources, such as lower (or higher) protocol layers. * - * \note This only controls the size of the packet we send. + * \note This only controls the size of the packets we send. * Client-side, you can request the server to use smaller * records with \c mbedtls_ssl_conf_max_frag_len(). * * \note If both a MTU and a maximum fragment length have been - * configured (or negotiated with the peer), the lower limit - * is used. + * configured (or negotiated with the peer), the resulting + * lower limit (after translating the MTU setting to a limit + * on the record content length) is used. * - * \note Values larger than #MBEDTLS_SSL_OUT_CONTENT_LEN have no - * effect. This can only be used to decrease the maximum size - * of datagrams sent. Values lower than record layer expansion - * are ignored. + * \note This can only be used to decrease the maximum size + * of datagrams sent. It cannot be used to increase the + * maximum size of records over the limit set by + * #MBEDTLS_SSL_OUT_CONTENT_LEN. + * + * \note Values lower than the current record layer expansion will + * result in an error when trying to send data. + * + * \note Using record compression together with a non-zero MTU value + * will result in an error when trying to send data. * * \param ssl SSL context * \param mtu Value of the path MTU in bytes