-
CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN
¶
SSL - Maximum buffer size
Max payload size for TLS protocol message
Type: int
Help¶
Maximum buffer size for incoming and outgoing mbed TLS I/O buffers. MBEDTLS_SSL_MAX_CONTENT_LEN setting in mbed TLS config file.
Help¶
The TLS standards mandate max payload size of 16384 bytes. So, for maximum operability and for general-purpose usage, that value must be used. For specific usages, that value can be largely decreased. E.g. for DTLS, payload size is limited by UDP datagram size, and even for HTTPS REST API, the payload can be limited to max size of (REST request, REST response, server certificate(s)). mbedTLS uses this value separate for input and output buffers, so twice this value will be allocated (on mbedTLS own heap, so the value of MBEDTLS_HEAP_SIZE should accommodate that).
Direct dependencies¶
(MBEDTLS_TLS_LIBRARY
&& NRF_SECURITY_ADVANCED
&& NRF_SECURITY_ANY_BACKEND
&& NORDIC_SECURITY_BACKEND
) || (MBEDTLS_BUILTIN
&& MBEDTLS
)
(Includes any dependencies from ifs and menus.)
Defaults¶
900 if
OPENTHREAD_NRF_SECURITY
16384
1500
Kconfig definitions¶
At <nrfxlib>/nrf_security/Kconfig:1507
Included via <Zephyr>/Kconfig:8
→ <Zephyr>/Kconfig.zephyr:9
→ <BuildDir>/Kconfig/Kconfig.modules:5
→ <nrfxlib>/Kconfig.nrfxlib:13
Menu path: (Top) → Modules → Nordic nrfxlib → Nordic Security → Use Nordic provided security backend → Advanced mbed TLS Configuration Settings
config MBEDTLS_SSL_MAX_CONTENT_LEN int "SSL - Maximum buffer size" range 0 16384 default 900 ifOPENTHREAD_NRF_SECURITY
default 16384 depends onMBEDTLS_TLS_LIBRARY
&&NRF_SECURITY_ADVANCED
&&NRF_SECURITY_ANY_BACKEND
&&NORDIC_SECURITY_BACKEND
help Maximum buffer size for incoming and outgoing mbed TLS I/O buffers. MBEDTLS_SSL_MAX_CONTENT_LEN setting in mbed TLS config file.
At <Zephyr>/modules/Kconfig.mbedtls:46
Included via <Zephyr>/Kconfig:8
→ <Zephyr>/Kconfig.zephyr:10
→ <Zephyr>/modules/Kconfig:17
Menu path: (Top) → Modules → mbedTLS Support
config MBEDTLS_SSL_MAX_CONTENT_LEN int "Max payload size for TLS protocol message" default 1500 depends onMBEDTLS_BUILTIN
&&MBEDTLS
help The TLS standards mandate max payload size of 16384 bytes. So, for maximum operability and for general-purpose usage, that value must be used. For specific usages, that value can be largely decreased. E.g. for DTLS, payload size is limited by UDP datagram size, and even for HTTPS REST API, the payload can be limited to max size of (REST request, REST response, server certificate(s)). mbedTLS uses this value separate for input and output buffers, so twice this value will be allocated (on mbedTLS own heap, so the value of MBEDTLS_HEAP_SIZE should accommodate that).
(The ‘depends on’ condition includes propagated dependencies from ifs and menus.)