From 1364c7308e17d43d1a2244e3f2bf11cfec3789ef Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Thu, 22 Dec 2016 23:05:10 +0100 Subject: ssl: Handle really big handshake packages If a handshake message is really big it could happen that the ssl process would hang due to failing of requesting more data from the socket. This has been fixed. Also added option to limit max handshake size. It has a default value that should be big enough to handle normal usage and small enough to mitigate DoS attacks. --- lib/ssl/doc/src/ssl.xml | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'lib/ssl/doc') diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml index edc7e0d8b2..916b41742e 100644 --- a/lib/ssl/doc/src/ssl.xml +++ b/lib/ssl/doc/src/ssl.xml @@ -424,6 +424,14 @@ marker="public_key:public_key#pkix_path_validation-3">public_key:pkix_path_valid + + max_handshake_size + +

Integer (24 bits unsigned). Used to limit the size of + valid TLS handshake packets to avoid DoS attacks. + Defaults to 256*1024.

+
+ -- cgit v1.2.3