> > On Friday 25 September 2015 16:54:02 Alessandro Ghedini via RT wrote:
> > > FWIW I checked a couple of TLS implementations I have around (GnuTLS
> > > and s2n), and AFAICT they don't check for a maximum size at all.
> >
> > what do you mean by that? As we've said with Matt, you can't create a
> > valid Client Hello bigger than 131396 bytes...
> 
> The fact that the other libraries don't do this check at all suggests that
> increasing the limit in OpenSSL (or even removing the limit completely)
> shouldn't affect it negatively.

Actually it suggests that they don't do their due diligence.  If there is not a 
valid Hello message that is greater than 131396 bytes, then there is no reason 
to allow for one either.  On the contrary, there is every reason to protect 
oneself from Godzillagrams.
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
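
The 131396-byte figure quoted in the thread equals the sum of the maximum field sizes in the TLS 1.2 ClientHello structure (RFC 5246, section 7.4.1.2). The C below is an added example, not OpenSSL's code and not something posted in the thread; it derives that bound and applies it to the handshake header before any body buffer would be sized. All names are hypothetical and the sample headers are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Each variable-length vector costs its length prefix plus its maximum
 * content (RFC 5246, 7.4.1.2). Names here are hypothetical. */
enum {
    CH_VERSION     = 2,          /* ProtocolVersion                 */
    CH_RANDOM      = 32,         /* Random                          */
    CH_SESSION_ID  = 1 + 32,     /* session_id<0..32>               */
    CH_CIPHERS     = 2 + 65534,  /* cipher_suites<2..2^16-2>        */
    CH_COMPRESSION = 1 + 255,    /* compression_methods<1..2^8-1>   */
    CH_EXTENSIONS  = 2 + 65535,  /* extensions<0..2^16-1>           */
    CLIENT_HELLO_MAX = CH_VERSION + CH_RANDOM + CH_SESSION_ID +
                       CH_CIPHERS + CH_COMPRESSION + CH_EXTENSIONS
};

#define HS_HEADER_LEN   4   /* msg_type (1 byte) + uint24 length */
#define HS_CLIENT_HELLO 1

typedef enum { HS_OK = 0, HS_NEED_MORE = -1,
               HS_WRONG_TYPE = -2, HS_TOO_LARGE = -3 } hs_status;

/* Validate the handshake header before trusting the peer-declared length.
 * The uint24 field can claim up to 16777215 bytes, far above any valid hello. */
hs_status check_client_hello_header(const uint8_t *buf, size_t len,
                                    uint32_t *body_len)
{
    if (len < HS_HEADER_LEN)
        return HS_NEED_MORE;
    if (buf[0] != HS_CLIENT_HELLO)
        return HS_WRONG_TYPE;
    uint32_t n = ((uint32_t)buf[1] << 16) | ((uint32_t)buf[2] << 8) | buf[3];
    if (n > CLIENT_HELLO_MAX)
        return HS_TOO_LARGE;      /* reject before allocating or reading */
    *body_len = n;
    return HS_OK;
}

int main(void)
{
    /* Constructed headers: exactly at the bound, and one byte over it. */
    const uint8_t at_max[] = { 1, 0x02, 0x01, 0x44 };
    const uint8_t over[]   = { 1, 0x02, 0x01, 0x45 };
    uint32_t n = 0;
    printf("max body = %d\n", (int)CLIENT_HELLO_MAX);
    printf("at max   -> %d\n", check_client_hello_header(at_max, 4, &n));
    printf("one over -> %d\n", check_client_hello_header(over, 4, &n));
    return 0;
}
```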
