authorNikos Mavrogiannopoulos <nmav@redhat.com>2016-09-16 13:12:50 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2016-09-19 14:21:20 +0200
commit76a19a34ab187b5e86f8b33a97d475a83032a138 (patch)
tree2aae10d2e3b47a9beedef72f8a44af1e6e4c2a9e
parent83929667710937ee8b860ecd8a708d01fa534d1c (diff)
downloadgnutls-76a19a34ab187b5e86f8b33a97d475a83032a138.tar.gz
Increased the maximum size allowed for handshake messages to 128kb
This would allow the library to cope with larger packets, as well as TLS 1.3 hellos. Suggested by Hubert Kario.
-rw-r--r--lib/gnutls_handshake.c5
-rw-r--r--lib/gnutls_int.h2
2 files changed, 5 insertions, 2 deletions
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 7d41b03407..247360374f 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -3324,11 +3324,14 @@ _gnutls_recv_hello_request(gnutls_session_t session, void *data,
* This function will set the maximum size of all handshake messages.
* Handshakes over this size are rejected with
* %GNUTLS_E_HANDSHAKE_TOO_LARGE error code. The default value is
- * 48kb which is typically large enough. Set this to 0 if you do not
+ * 128kb which is typically large enough. Set this to 0 if you do not
* want to set an upper limit.
*
* The reason for restricting the handshake message sizes are to
* limit Denial of Service attacks.
+ *
+ * Note that the maximum handshake size was increased to 128kb
+ * from 48kb in GnuTLS 3.4.16.
**/
void
gnutls_handshake_set_max_packet_length(gnutls_session_t session,
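Review bot: The doc comment for gnutls_handshake_set_max_packet_length states the larger default but gives callers no guidance on the trade-off it already names, namely that the limit exists to bound Denial of Service. With this change a peer can have handshake data of up to 128kb accepted where 48kb was the cap before. I would add one sentence after the version note, such as `Applications with a tight per-connection memory budget can call this function with a smaller value (for example 48*1024) to keep the previous limit.` The "128kb" figure is also repeated in prose and has to be kept in step with MAX_HANDSHAKE_PACKET_SIZE in lib/gnutls_int.h. The function's signature and body continue past the end of the hunk.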
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 24fdfb0d66..a61f37977c 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -109,7 +109,7 @@ typedef struct {
/* The size of a handshake message should not
* be larger than this value.
*/
-#define MAX_HANDSHAKE_PACKET_SIZE 48*1024
+#define MAX_HANDSHAKE_PACKET_SIZE 128*1024
/* The maximum digest size of hash algorithms.
*/
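Review bot: The new definition `#define MAX_HANDSHAKE_PACKET_SIZE 128*1024` leaves the expansion unparenthesized, so a use next to an operator of equal or higher precedence (`x / MAX_HANDSHAKE_PACKET_SIZE`, `x % MAX_HANDSHAKE_PACKET_SIZE`) would not evaluate against 131072. Because this constant is the bound used to reject oversized handshake messages, I would write it as `#define MAX_HANDSHAKE_PACKET_SIZE (128*1024)`. The macro's uses are outside this hunk, so it cannot be told from here whether any of them is affected today; the removed line had the same shape.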