CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN

SSL - Maximum buffer size

Max payload size for TLS protocol message

Type: int

Help

Maximum buffer size for incoming and outgoing mbed TLS I/O buffers. MBEDTLS_SSL_MAX_CONTENT_LEN setting in mbed TLS config file.

Help

The TLS standards mandate max payload size of 16384 bytes. So, for maximum operability and for general-purpose usage, that value must be used. For specific usages, that value can be largely decreased. E.g. for DTLS, payload size is limited by UDP datagram size, and even for HTTPS REST API, the payload can be limited to max size of (REST request, REST response, server certificate(s)). mbedTLS uses this value separate for input and output buffers, so twice this value will be allocated (on mbedTLS own heap, so the value of MBEDTLS_HEAP_SIZE should accommodate that).

Direct dependencies

(MBEDTLS_TLS_LIBRARY && NRF_SECURITY_ADVANCED && NRF_SECURITY_ANY_BACKEND && NORDIC_SECURITY_BACKEND) || (MBEDTLS_BUILTIN && MBEDTLS)

(Includes any dependencies from ifs and menus.)

Defaults

• 900 if OPENTHREAD_NRF_SECURITY

• 16384

• 1500

Kconfig definitions

At <nrfxlib>/nrf_security/Kconfig:1507

Included via <Zephyr>/Kconfig:8 → <Zephyr>/Kconfig.zephyr:9 → <BuildDir>/Kconfig/Kconfig.modules:5 → <nrfxlib>/Kconfig.nrfxlib:13

Menu path: (Top) → Modules → Nordic nrfxlib → Nordic Security → Use Nordic provided security backend → Advanced mbed TLS Configuration Settings

config MBEDTLS_SSL_MAX_CONTENT_LEN
    int "SSL - Maximum buffer size"
    range 0 16384
    default 900 if OPENTHREAD_NRF_SECURITY
    default 16384
    depends on MBEDTLS_TLS_LIBRARY && NRF_SECURITY_ADVANCED && NRF_SECURITY_ANY_BACKEND && NORDIC_SECURITY_BACKEND
    help
      Maximum buffer size for incoming and outgoing mbed TLS I/O buffers.
      MBEDTLS_SSL_MAX_CONTENT_LEN setting in mbed TLS config file.

---

At <Zephyr>/modules/Kconfig.mbedtls:46

Included via <Zephyr>/Kconfig:8 → <Zephyr>/Kconfig.zephyr:10 → <Zephyr>/modules/Kconfig:17

Menu path: (Top) → Modules → mbedTLS Support

config MBEDTLS_SSL_MAX_CONTENT_LEN
    int "Max payload size for TLS protocol message"
    default 1500
    depends on MBEDTLS_BUILTIN && MBEDTLS
    help
      The TLS standards mandate max payload size of 16384 bytes. So, for
      maximum operability and for general-purpose usage, that value must
      be used. For specific usages, that value can be largely decreased.
      E.g. for DTLS, payload size is limited by UDP datagram size, and
      even for HTTPS REST API, the payload can be limited to max size of
      (REST request, REST response, server certificate(s)).
      mbedTLS uses this value separate for input and output buffers, so
      twice this value will be allocated (on mbedTLS own heap, so the
      value of MBEDTLS_HEAP_SIZE should accommodate that).

(The ‘depends on’ condition includes propagated dependencies from ifs and menus.)