author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-09-16 13:12:50 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-09-19 14:23:05 +0200 |
commit | ccd7eb3961d8064320b145c294e10b5025d145ba (patch) | |
tree | cc2cf9f143fc820029c3e379166d6561bd52f69b | |
parent | 9d6afc8a4d05bb7fe1750c14f88c466e7abcd2f8 (diff) | |
download | gnutls-ccd7eb3961d8064320b145c294e10b5025d145ba.tar.gz |
Increased the maximum size allowed for handshake messages to 128kb
This would allow the library to cope with larger packets, as well
as TLS 1.3 hellos. Suggested by Hubert Kario.
-rw-r--r-- | lib/gnutls_handshake.c | 5 | ||||
-rw-r--r-- | lib/gnutls_int.h | 2 |
2 files changed, 5 insertions, 2 deletions
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index cad2477b2e..5e2c898170 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -3518,11 +3518,14 @@ remove_unwanted_ciphersuites(gnutls_session_t session,
  * This function will set the maximum size of all handshake messages.
  * Handshakes over this size are rejected with
  * %GNUTLS_E_HANDSHAKE_TOO_LARGE error code. The default value is
- * 48kb which is typically large enough. Set this to 0 if you do not
+ * 128kb which is typically large enough. Set this to 0 if you do not
  * want to set an upper limit.
  *
  * The reason for restricting the handshake message sizes are to
  * limit Denial of Service attacks.
+ *
+ * Note that the maximum handshake size was increased to 128kb
+ * from 48kb in GnuTLS 3.3.25.
  **/
 void
 gnutls_handshake_set_max_packet_length(gnutls_session_t session,
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 5323d4135b..8283b22936 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -111,7 +111,7 @@ typedef struct {
 /* The size of a handshake message should not
  * be larger than this value.
  */
-#define MAX_HANDSHAKE_PACKET_SIZE 48*1024
+#define MAX_HANDSHAKE_PACKET_SIZE 128*1024
 #define TLS_MAX_SESSION_ID_SIZE 32 |
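Review bot: The note added to the doc comment of gnutls_handshake_set_max_packet_length() in lib/gnutls_handshake.c says the "maximum handshake size" was increased, but the same comment calls 128kb the default value that this function overrides, so the note should read `* Note that the default maximum handshake size was increased to 128kb`. The comment gives limiting Denial of Service as the reason for the cap. It would help to add one sentence saying that applications serving many unauthenticated peers can use this function to set a lower limit than the new default. The function body lies outside the hunk, so how the value is applied cannot be checked from here.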
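Review bot: The new `#define MAX_HANDSHAKE_PACKET_SIZE 128*1024` in lib/gnutls_int.h keeps the unparenthesized expansion, so any use inside a division, modulo or cast would bind to `128` alone. Write it as `#define MAX_HANDSHAKE_PACKET_SIZE (128*1024)`. The uses of the macro are outside the hunk, so whether any of them is affected today cannot be confirmed from here. This constant is presumably the default behind gnutls_handshake_set_max_packet_length(), and so bounds what a peer can make the library accept during the handshake. If so, the comment above it should say that, for example `/* Default upper bound on a handshake message; limits DoS exposure, see gnutls_handshake_set_max_packet_length(). */`.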