sysadmin/ipxe
1
0
Fork 0
mirror of https://github.com/ipxe/ipxe synced 2025-12-25 00:17:57 +03:00
Code Issues Packages Projects Releases Wiki Activity

[tls] Request a maximum fragment length of 2048 bytes

Browse Source 
The default maximum plaintext fragment length for TLS is 16kB, which
is a substantial amount of memory for iPXE to have to allocate for a
temporary decryption buffer.

Reduce the memory footprint of TLS connections by requesting a maximum
fragment length of 2kB.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
This commit is contained in:
Michael Brown
2012-06-29 15:28:15 +01:00
parent ea61075c60
commit 9a8c6b00d4
2 changed files with 19 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/net/tls.c
View File

@@ -869,6 +869,11 @@ static int tls_send_client_hello ( struct tls_session *tls ) {
uint8_t name[ strlen ( tls->name ) ];
} __attribute__ (( packed )) list[1];
} __attribute__ (( packed )) server_name;
uint16_t max_fragment_length_type;
uint16_t max_fragment_length_len;
struct {
uint8_t max;
} __attribute__ (( packed )) max_fragment_length;
} __attribute__ (( packed )) extensions;
} __attribute__ (( packed )) hello;
unsigned int i;
@@ -894,6 +899,12 @@ static int tls_send_client_hello ( struct tls_session *tls ) {
= htons ( sizeof ( hello.extensions.server_name.list[0].name ));
memcpy ( hello.extensions.server_name.list[0].name, tls->name,
sizeof ( hello.extensions.server_name.list[0].name ) );
hello.extensions.max_fragment_length_type
= htons ( TLS_MAX_FRAGMENT_LENGTH );
hello.extensions.max_fragment_length_len
= htons ( sizeof ( hello.extensions.max_fragment_length ) );
hello.extensions.max_fragment_length.max
= TLS_MAX_FRAGMENT_LENGTH_2048;
return tls_send_handshake ( tls, &hello, sizeof ( hello ) );
}