[tls] Request a maximum fragment length of 2048 bytes

The default maximum plaintext fragment length for TLS is 16kB, which is a substantial amount of memory for iPXE to have to allocate for a temporary decryption buffer. Reduce the memory footprint of TLS connections by requesting a maximum fragment length of 2kB. Signed-off-by: Michael Brown <mcb30@ipxe.org>
author: Michael Brown <mcb30@ipxe.org> 2012-06-29 15:28:15 +0100
committer: Michael Brown <mcb30@ipxe.org> 2012-06-29 15:28:15 +0100
commit: 9a8c6b00d4433eb5c24f50c0c4a93c127d77def0 (patch)
tree: 4c365afc9d8a34dbaf784779ac842c63142d4c07 /src/include/ipxe/tls.h
parent: ea61075c60e6417203bbb5fd54e1f313c99c164c (diff)
download: ipxe-9a8c6b00d4433eb5c24f50c0c4a93c127d77def0.tar.gz
1 files changed, 8 insertions, 1 deletions
diff --git a/src/include/ipxe/tls.h b/src/include/ipxe/tls.h
index 4273e4e54..2af864dfe 100644
--- a/src/include/ipxe/tls.h
+++ b/src/include/ipxe/tls.h
@@ -89,10 +89,17 @@ struct tls_header {
 /* TLS signature algorithm identifiers */
 #define TLS_RSA_ALGORITHM 1
 
-/* TLS extension types */
+/* TLS server name extension */
 #define TLS_SERVER_NAME 0
 #define TLS_SERVER_NAME_HOST_NAME 0
 
+/* TLS maximum fragment length extension */
+#define TLS_MAX_FRAGMENT_LENGTH 1
+#define TLS_MAX_FRAGMENT_LENGTH_512 1
+#define TLS_MAX_FRAGMENT_LENGTH_1024 2
+#define TLS_MAX_FRAGMENT_LENGTH_2048 3
+#define TLS_MAX_FRAGMENT_LENGTH_4096 4
+
 /** TLS RX state machine state */
 enum tls_rx_state {
 	TLS_RX_HEADER = 0,
author	Michael Brown <mcb30@ipxe.org>	2012-06-29 15:28:15 +0100
committer	Michael Brown <mcb30@ipxe.org>	2012-06-29 15:28:15 +0100
commit	9a8c6b00d4433eb5c24f50c0c4a93c127d77def0 (patch)
tree	4c365afc9d8a34dbaf784779ac842c63142d4c07 /src/include/ipxe/tls.h
parent	ea61075c60e6417203bbb5fd54e1f313c99c164c (diff)
download	ipxe-9a8c6b00d4433eb5c24f50c0c4a93c127d77def0.tar.gz