diff options
author | Ingela Anderton Andin <[email protected]> | 2016-12-22 23:05:10 +0100 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2017-01-17 09:59:22 +0100 |
commit | 1364c7308e17d43d1a2244e3f2bf11cfec3789ef (patch) | |
tree | eac3ed9408e6e5873c9821193c0a0ebd4bddf8b6 /lib/ssl/doc/src | |
parent | 605a4627a7383829559a1595457b860c1317da48 (diff) | |
download | otp-1364c7308e17d43d1a2244e3f2bf11cfec3789ef.tar.gz otp-1364c7308e17d43d1a2244e3f2bf11cfec3789ef.tar.bz2 otp-1364c7308e17d43d1a2244e3f2bf11cfec3789ef.zip |
ssl: Handle really big handshake packages
If a handshake message is really big it could happen that the ssl
process would hang due to failing of requesting more data from the
socket. This has been fixed.
Also added option to limit max handshake size. It has a default
value that should be big enough to handle normal usage and small
enough to mitigate DoS attacks.
Diffstat (limited to 'lib/ssl/doc/src')
-rw-r--r-- | lib/ssl/doc/src/ssl.xml | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml index edc7e0d8b2..916b41742e 100644 --- a/lib/ssl/doc/src/ssl.xml +++ b/lib/ssl/doc/src/ssl.xml @@ -424,6 +424,14 @@ marker="public_key:public_key#pkix_path_validation-3">public_key:pkix_path_valid </taglist> </item> + + <tag><c>max_handshake_size</c></tag> + <item> + <p>Integer (24 bits unsigned). Used to limit the size of + valid TLS handshake packets to avoid DoS attacks. + Defaults to 256*1024.</p> + </item> + </taglist> </item> |