ssl: Handle really big handshake packages

If a handshake message is really big it could happen that the ssl process would hang due to failing of requesting more data from the socket. This has been fixed. Also added option to limit max handshake size. It has a default value that should be big enough to handle normal usage and small enough to mitigate DoS attacks.
author: Ingela Anderton Andin <[email protected]> 2016-12-22 23:05:10 +0100
committer: Ingela Anderton Andin <[email protected]> 2017-01-17 09:59:22 +0100
commit: 1364c7308e17d43d1a2244e3f2bf11cfec3789ef (patch)
tree: eac3ed9408e6e5873c9821193c0a0ebd4bddf8b6 /lib/ssl/src/ssl_handshake.hrl
parent: 605a4627a7383829559a1595457b860c1317da48 (diff)
download: otp-1364c7308e17d43d1a2244e3f2bf11cfec3789ef.tar.gz
otp-1364c7308e17d43d1a2244e3f2bf11cfec3789ef.tar.bz2
otp-1364c7308e17d43d1a2244e3f2bf11cfec3789ef.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/ssl/src/ssl_handshake.hrl b/lib/ssl/src/ssl_handshake.hrl
index fde92035a2..324b7dbde3 100644
--- a/lib/ssl/src/ssl_handshake.hrl
+++ b/lib/ssl/src/ssl_handshake.hrl
@@ -80,6 +80,9 @@
 -define(CLIENT_KEY_EXCHANGE, 16).
 -define(FINISHED, 20).
 
+-define(MAX_UNIT24, 8388607).
+-define(DEFAULT_MAX_HANDSHAKE_SIZE,  (256*1024)).
+
 -record(random, {
 	  gmt_unix_time, % uint32
 	  random_bytes   % opaque random_bytes[28]
author	Ingela Anderton Andin <[email protected]>	2016-12-22 23:05:10 +0100
committer	Ingela Anderton Andin <[email protected]>	2017-01-17 09:59:22 +0100
commit	1364c7308e17d43d1a2244e3f2bf11cfec3789ef (patch)
tree	eac3ed9408e6e5873c9821193c0a0ebd4bddf8b6 /lib/ssl/src/ssl_handshake.hrl
parent	605a4627a7383829559a1595457b860c1317da48 (diff)
download	otp-1364c7308e17d43d1a2244e3f2bf11cfec3789ef.tar.gz otp-1364c7308e17d43d1a2244e3f2bf11cfec3789ef.tar.bz2 otp-1364c7308e17d43d1a2244e3f2bf11cfec3789ef.zip