author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-09-16 13:12:50 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-09-19 14:21:20 +0200 |
commit | 76a19a34ab187b5e86f8b33a97d475a83032a138 (patch) | |
tree | 2aae10d2e3b47a9beedef72f8a44af1e6e4c2a9e | |
parent | 83929667710937ee8b860ecd8a708d01fa534d1c (diff) | |
download | gnutls-76a19a34ab187b5e86f8b33a97d475a83032a138.tar.gz |
Increased the maximum size allowed for handshake messages to 128kb
This would allow the library to cope with larger packets, as well
as TLS 1.3 hellos. Suggested by Hubert Kario.
-rw-r--r-- | lib/gnutls_handshake.c | 5 | ||||
-rw-r--r-- | lib/gnutls_int.h | 2 |
2 files changed, 5 insertions, 2 deletions
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 7d41b03407..247360374f 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -3324,11 +3324,14 @@ _gnutls_recv_hello_request(gnutls_session_t session, void *data,
 * This function will set the maximum size of all handshake messages.
 * Handshakes over this size are rejected with
 * %GNUTLS_E_HANDSHAKE_TOO_LARGE error code. The default value is
- * 48kb which is typically large enough. Set this to 0 if you do not
+ * 128kb which is typically large enough. Set this to 0 if you do not
 * want to set an upper limit.
 *
 * The reason for restricting the handshake message sizes are to
 * limit Denial of Service attacks.
+ *
+ * Note that the maximum handshake size was increased to 128kb
+ * from 48kb in GnuTLS 3.4.16.
 **/
 void
 gnutls_handshake_set_max_packet_length(gnutls_session_t session,
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 24fdfb0d66..a61f37977c 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -109,7 +109,7 @@ typedef struct {
 /* The size of a handshake message should not
 * be larger than this value. */
-#define MAX_HANDSHAKE_PACKET_SIZE 48*1024
+#define MAX_HANDSHAKE_PACKET_SIZE 128*1024
 /* The maximum digest size of hash algorithms. */ |
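Review bot: The updated comment for gnutls_handshake_set_max_packet_length() states the new 128kb default but does not tell callers what the larger cap costs them, although the same comment says the limit exists to limit Denial of Service. With the default raised from 48kb, a peer that has not yet authenticated can presumably get handshake messages of up to 128kb accepted before %GNUTLS_E_HANDSHAKE_TOO_LARGE is returned, and a value of 0 removes the bound entirely. I would add a line such as ` * Servers exposed to untrusted peers may set a lower limit to bound per-connection memory use.` next to the new note. The function body lies outside the hunk, so how the limit is enforced cannot be checked from here.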
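Review bot: The new definition `#define MAX_HANDSHAKE_PACKET_SIZE 128*1024` leaves the expansion unparenthesized, so an expression such as `x / MAX_HANDSHAKE_PACKET_SIZE` or `x % MAX_HANDSHAKE_PACKET_SIZE` would parse as `(x / 128) * 1024`. Because this constant is the handshake size limit, a misparsed use would silently change the bound that is meant to restrict oversized messages; write it as `#define MAX_HANDSHAKE_PACKET_SIZE (128*1024)`. The uses of the macro are not visible in this hunk, so whether any current use is affected is unknown.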