# Limitations and known issues

* When the CleanSession is set to `false`, the implementation is not spec compliant. The following is not honored:

> Must be kept in memory:
* All messages in a QoS 1 or 2 flow, which are not confirmed by the broker
* All received QoS 2 messages, which are not yet confirmed to the broker

This means retransmission is not honored in case of a failure.

* You cannot send payload larger that what can fit on RAM.

## SSL limitations

* SSL requires use of esp8266/Arduino 2.4.0, which is not yet released (platform = espressif8266_stage in PlatformIO).
* SSL requires the build flag -DASYNC_TCP_SSL_ENABLED=1
* SSL only supports fingerprints for server validation.
* If you do not specify one or more acceptable server fingerprints, the SSL connection will be vulnerable to man-in-the-middle attacks.
* Some server certificate signature algorithms do not work. SHA1, SHA224, SHA256, and MD5 are working. SHA384, and SHA512 will cause a crash.