author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-09-16 13:12:50 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-09-19 14:18:54 +0200 |
commit | 8d96e85a8d7c87909674dd0372dd8c8d481f38b1 (patch) | |
tree | 7ee319ddeb2e2c29b301ceb1b075fb0b467346da /lib | |
parent | 568418fbc9c2529874e17a3f151d099a8e9fc717 (diff) | |
download | gnutls-8d96e85a8d7c87909674dd0372dd8c8d481f38b1.tar.gz |
Increased the maximum size allowed for handshake messages to 128kb
This would allow the library to cope with larger packets, as well
as TLS 1.3 hellos. Suggested by Hubert Kario.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/gnutls_int.h | 2 | ||||
-rw-r--r-- | lib/handshake.c | 5 |
2 files changed, 5 insertions, 2 deletions
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 8eb555361f..3b8d6299f9 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -105,7 +105,7 @@ typedef struct {
 /* The size of a handshake message should not
  * be larger than this value.
  */
-#define MAX_HANDSHAKE_PACKET_SIZE 48*1024
+#define MAX_HANDSHAKE_PACKET_SIZE 128*1024
 /* The maximum digest size of hash algorithms. */
diff --git a/lib/handshake.c b/lib/handshake.c
index 9a8c9acc3f..e9751ef9d5 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -3392,11 +3392,14 @@ _gnutls_recv_hello_request(gnutls_session_t session, void *data,
  * This function will set the maximum size of all handshake messages.
  * Handshakes over this size are rejected with
  * %GNUTLS_E_HANDSHAKE_TOO_LARGE error code. The default value is
- * 48kb which is typically large enough. Set this to 0 if you do not
+ * 128kb which is typically large enough. Set this to 0 if you do not
  * want to set an upper limit.
  *
  * The reason for restricting the handshake message sizes are to
  * limit Denial of Service attacks.
+ *
+ * Note that the maximum handshake size was increased to 128kb
+ * from 48kb in GnuTLS 3.5.5.
  **/
 void
 gnutls_handshake_set_max_packet_length(gnutls_session_t session, |
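Review bot: The new `#define MAX_HANDSHAKE_PACKET_SIZE 128*1024` in lib/gnutls_int.h keeps the expression unparenthesised, so a use next to a higher-precedence operator (division, modulo, a cast) would not evaluate to 131072; `#define MAX_HANDSHAKE_PACKET_SIZE (128*1024)` removes that hazard. This macro is presumably the default that the doc comment in lib/handshake.c describes as a Denial of Service bound, so the change lets a not-yet-authenticated peer send handshake messages about 2.7 times larger before they are rejected. The comment above the macro could say so, for example `/* Default cap; applications can lower it with gnutls_handshake_set_max_packet_length(). */`, so that deployments handling many concurrent handshakes know the default is tunable.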
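Review bot: The updated doc comment in lib/handshake.c still offers "Set this to 0 if you do not want to set an upper limit" without saying that this removes the bound the next paragraph describes as a Denial of Service protection. A sentence such as ` * Setting 0 disables this protection; a peer may then send handshake messages of any size.` would make the trade-off explicit. The size is also written as "128kb", which can be read as kilobits; assuming the value is a byte count as `128*1024` suggests, "128 KiB (131072 bytes)" is unambiguous. The function body is outside this hunk, so how the value is stored and enforced is not visible here.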