
crypto/tls: maxHandshake is not documented #35153

Closed
zhangyoufu opened this issue Oct 25, 2019 · 2 comments

@zhangyoufu zhangyoufu commented Oct 25, 2019

crypto/tls has a hard-coded limitation const maxHandshake = 65536 for handshake message length.

While a ClientHello message could have a maximum length of 131396 under extreme conditions, according to OpenSSL source code.

The 64KiB limitation is good from a security perspective, to reduce server resource consumption. But I think it should be documented, as a Go-specific behavior.


@dmitshur dmitshur commented Oct 25, 2019


@FiloSottile FiloSottile commented Nov 10, 2019

Documenting something makes it a backwards compatibility promise, while this should be just an internal detail. What we do have is a clear error for when the limit is exceeded, so if it starts happening users can open an issue about it.

return nil, c.in.setErrorLocked(fmt.Errorf("tls: handshake message of length %d bytes exceeds maximum of %d bytes", n, maxHandshake))

(If you opened this issue because you hit the limit and you think we should increase it, feel free to open an issue for that.)
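As an added example (not code from this issue, nor crypto/tls's own implementation), a small Go program that parses the 4-byte TLS handshake header (1-byte type, 24-bit big-endian length) and applies the same `n > maxHandshake` check with the error text quoted above; the names handshakeHeader, parseHandshakeHeader and encodeHandshakeHeader are hypothetical helpers chosen for this example.

```go
package main

import (
	"errors"
	"fmt"
)

// maxHandshake mirrors the crypto/tls constant discussed in the issue:
// a handshake message body longer than 64 KiB is rejected before it is
// buffered, which bounds per-connection memory during the handshake.
const maxHandshake = 65536

// handshakeHeader is the parsed 4-byte TLS handshake message header.
type handshakeHeader struct {
	Type   uint8 // e.g. 1 = ClientHello
	Length int   // body length from the 24-bit field
}

// parseHandshakeHeader decodes the header and enforces the length limit
// the same way crypto/tls does, returning an error with the same text.
func parseHandshakeHeader(hdr []byte) (handshakeHeader, error) {
	if len(hdr) < 4 {
		return handshakeHeader{}, errors.New("tls: handshake header too short")
	}
	n := int(hdr[1])<<16 | int(hdr[2])<<8 | int(hdr[3])
	if n > maxHandshake {
		return handshakeHeader{}, fmt.Errorf("tls: handshake message of length %d bytes exceeds maximum of %d bytes", n, maxHandshake)
	}
	return handshakeHeader{Type: hdr[0], Length: n}, nil
}

// encodeHandshakeHeader builds a header for a body of n bytes; it is only
// used here to construct sample inputs.
func encodeHandshakeHeader(typ uint8, n int) []byte {
	return []byte{typ, byte(n >> 16), byte(n >> 8), byte(n)}
}

func main() {
	// Constructed samples: a ClientHello (type 1) exactly at the limit, and
	// one of 131396 bytes, the OpenSSL maximum cited in the issue.
	for _, n := range []int{65536, 131396} {
		_, err := parseHandshakeHeader(encodeHandshakeHeader(1, n))
		fmt.Printf("ClientHello of %d bytes: err=%v\n", n, err)
	}
}
```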
