]> git.kaiwu.me - haproxy.git/commit
projects / haproxy.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 243e68b) | patch
MINOR: ssl: add a new global option "tune.ssl.hard-maxrecord"
authorThomas Prückl <plt@hainzl.at>
Wed, 27 Apr 2022 11:04:54 +0000 (13:04 +0200)
committerWilly Tarreau <w@1wt.eu>
Wed, 27 Apr 2022 14:53:43 +0000 (16:53 +0200)
commit10243938db38044a2977eedf806c79412fd8c9a4
tree3eabcd07042df139deb4e0fdbb92921c0acadab7tree | snapshot
parent243e68b552b1d27dd8f86c35394551c124652ed2commit | diff
MINOR: ssl: add a new global option "tune.ssl.hard-maxrecord"

Low footprint client machines may not have enough memory to download a
complete 16KB TLS record at once. With the new option the maximum
record size can be defined on the server side.

Note: Before limiting the the record size on the server side, a client should
consider using the TLS Maximum Fragment Length Negotiation Extension defined
in RFC6066.

This patch fixes GitHub issue #1679.
doc/configuration.txt diff | blob | history
include/haproxy/ssl_sock-t.h diff | blob | history
src/cfgparse-ssl.c diff | blob | history
src/ssl_sock.c diff | blob | history
haproxy upstream