Increased the maximum size allowed for handshake messages to 128kb

This would allow the library to cope with larger packets, as well
as TLS 1.3 hellos. Suggested by Hubert Kario.

diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 8eb555361fb6814d638612dcdd98f0e9ba4ac7ea..3b8d6299f9c40079fa02e5b48ae2c8404b9cbb0e 100644 (file)
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -105,7 +105,7 @@ typedef struct {
 /* The size of a handshake message should not
  * be larger than this value.
  */
-#define MAX_HANDSHAKE_PACKET_SIZE 48*1024
+#define MAX_HANDSHAKE_PACKET_SIZE 128*1024
 
 /* The maximum digest size of hash algorithms. 
  */

diff --git a/lib/handshake.c b/lib/handshake.c
index 9a8c9acc3f746ec041a3ffcd4b3a5ae0da4c1762..e9751ef9d5328b704fde0b088585430cf2248dd4 100644 (file)
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -3392,11 +3392,14 @@ _gnutls_recv_hello_request(gnutls_session_t session, void *data,
  * This function will set the maximum size of all handshake messages.
  * Handshakes over this size are rejected with
  * %GNUTLS_E_HANDSHAKE_TOO_LARGE error code.  The default value is
- * 48kb which is typically large enough.  Set this to 0 if you do not
+ * 128kb which is typically large enough.  Set this to 0 if you do not
  * want to set an upper limit.
  *
  * The reason for restricting the handshake message sizes are to
  * limit Denial of Service attacks.
+ *
+ * Note that the maximum handshake size was increased to 128kb
+ * from 48kb in GnuTLS 3.5.5.
  **/
 void
 gnutls_handshake_set_max_packet_length(gnutls_session_t session,