authorMichael Brown2012-06-29 16:28:15 +0200
committerMichael Brown2012-06-29 16:28:15 +0200
commit9a8c6b00d4433eb5c24f50c0c4a93c127d77def0 (patch)
tree4c365afc9d8a34dbaf784779ac842c63142d4c07 /src/include/ipxe/tls.h
parent[tcp] Add support for TCP window scaling (diff)
[tls] Request a maximum fragment length of 2048 bytes
The default maximum plaintext fragment length for TLS is 16kB, which is a substantial amount of memory for iPXE to have to allocate for a temporary decryption buffer. Reduce the memory footprint of TLS connections by requesting a maximum fragment length of 2kB. Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/include/ipxe/tls.h')
-rw-r--r--src/include/ipxe/tls.h9
1 files changed, 8 insertions, 1 deletions
diff --git a/src/include/ipxe/tls.h b/src/include/ipxe/tls.h
index 4273e4e5..2af864df 100644
--- a/src/include/ipxe/tls.h
+++ b/src/include/ipxe/tls.h
@@ -89,10 +89,17 @@ struct tls_header {
/* TLS signature algorithm identifiers */
#define TLS_RSA_ALGORITHM 1
-/* TLS extension types */
+/* TLS server name extension */
#define TLS_SERVER_NAME 0
#define TLS_SERVER_NAME_HOST_NAME 0
+/* TLS maximum fragment length extension */
+#define TLS_MAX_FRAGMENT_LENGTH 1
+#define TLS_MAX_FRAGMENT_LENGTH_512 1
+#define TLS_MAX_FRAGMENT_LENGTH_1024 2
+#define TLS_MAX_FRAGMENT_LENGTH_2048 3
+#define TLS_MAX_FRAGMENT_LENGTH_4096 4
+
/** TLS RX state machine state */
enum tls_rx_state {
TLS_RX_HEADER = 0,
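Review bot: `TLS_MAX_FRAGMENT_LENGTH` (the extension type) and `TLS_MAX_FRAGMENT_LENGTH_512` (a length code) share a prefix and the value 1, and with the old "TLS extension types" heading removed nothing in the header says which is which. I would widen the new comment to something like `/* TLS maximum fragment length extension (RFC 6066 section 4): extension type, then one-byte length codes (not byte counts) */`. The same comment should say that the request is advisory: a server that does not echo the extension in its ServerHello keeps the 16kB default. The receive path is not visible in this hunk, but it presumably still has to bound or reject records larger than 2048 bytes instead of assuming the smaller size was agreed. The `enum tls_rx_state` definition at the end of the hunk continues outside it.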