diff options
Diffstat (limited to 'lib/ssl/sslsock.c')
-rw-r--r-- | lib/ssl/sslsock.c | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c index 286b35e7d..33595ffae 100644 --- a/lib/ssl/sslsock.c +++ b/lib/ssl/sslsock.c @@ -55,6 +55,7 @@ static const sslSocketOps ssl_secure_ops = { /* SSL. */ static sslOptions ssl_defaults = { .nextProtoNego = { siBuffer, NULL, 0 }, .maxEarlyDataSize = 1 << 16, + .recordSizeLimit = MAX_FRAGMENT_LENGTH + 1, .useSecurity = PR_TRUE, .useSocks = PR_FALSE, .requestCertificate = PR_FALSE, @@ -803,6 +804,15 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRIntn val) ss->opt.enable0RttData = val; break; + case SSL_RECORD_SIZE_LIMIT: + if (val < 64 || val > (MAX_FRAGMENT_LENGTH + 1)) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + rv = SECFailure; + } else { + ss->opt.recordSizeLimit = val; + } + break; + case SSL_ENABLE_TLS13_COMPAT_MODE: ss->opt.enableTls13CompatMode = val; break; @@ -944,6 +954,9 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRIntn *pVal) case SSL_ENABLE_0RTT_DATA: val = ss->opt.enable0RttData; break; + case SSL_RECORD_SIZE_LIMIT: + val = ss->opt.recordSizeLimit; + break; case SSL_ENABLE_TLS13_COMPAT_MODE: val = ss->opt.enableTls13CompatMode; break; @@ -1067,6 +1080,9 @@ SSL_OptionGetDefault(PRInt32 which, PRIntn *pVal) case SSL_ENABLE_0RTT_DATA: val = ssl_defaults.enable0RttData; break; + case SSL_RECORD_SIZE_LIMIT: + val = ssl_defaults.recordSizeLimit; + break; case SSL_ENABLE_TLS13_COMPAT_MODE: val = ssl_defaults.enableTls13CompatMode; break; @@ -1252,6 +1268,14 @@ SSL_OptionSetDefault(PRInt32 which, PRIntn val) ssl_defaults.enable0RttData = val; break; + case SSL_RECORD_SIZE_LIMIT: + if (val < 64 || val > (MAX_FRAGMENT_LENGTH + 1)) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + ssl_defaults.recordSizeLimit = val; + break; + case SSL_ENABLE_TLS13_COMPAT_MODE: ssl_defaults.enableTls13CompatMode = val; break; |