CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN

Max payload size for TLS protocol message

SSL - Maximum buffer size

Max payload size for TLS protocol message

Type: int

Help

The TLS standards mandate max payload size of 16384 bytes. So, for
maximum operability and for general-purpose usage, that value must
be used. For specific usages, that value can be largely decreased.
E.g. for DTLS, payload size is limited by UDP datagram size, and
even for HTTPS REST API, the payload can be limited to max size of
(REST request, REST response, server certificate(s)).
mbedTLS uses this value separate for input and output buffers, so
twice this value will be allocated (on mbedTLS own heap, so the
value of MBEDTLS_HEAP_SIZE should accommodate that).

Help

Maximum buffer size for incoming and outgoing mbed TLS I/O buffers.
MBEDTLS_SSL_MAX_CONTENT_LEN setting in mbed TLS config file.

Help

The TLS standards mandate max payload size of 16384 bytes. So, for
maximum operability and for general-purpose usage, that value must
be used. For specific usages, that value can be largely decreased.
E.g. for DTLS, payload size is limited by UDP datagram size, and
even for HTTPS REST API, the payload can be limited to max size of
(REST request, REST response, server certificate(s)).
mbedTLS uses this value separate for input and output buffers, so
twice this value will be allocated (on mbedTLS own heap, so the
value of MBEDTLS_HEAP_SIZE should accommodate that).

Direct dependencies

PELION_SOURCES || (MBEDTLS_BUILTIN && MBEDTLS) || (MBEDTLS_TLS_LIBRARY && NRF_SECURITY_ADVANCED && NRF_SECURITY_ANY_BACKEND && NORDIC_SECURITY_BACKEND) || (MBEDTLS_BUILTIN && MBEDTLS && 0)

(Includes any dependencies from ifs and menus.)

Defaults

• 4096

• 1500

• 900 if OPENTHREAD_NRF_SECURITY

• 16384

• 1500

Kconfig definitions

At <nRF>/lib/pelion/Kconfig:26

Included via <Zephyr>/Kconfig:8 → <Zephyr>/Kconfig.zephyr:31 → <Zephyr>/modules/Kconfig:6 → <nRF>/doc/_build/kconfig/Kconfig.modules:2 → <nRF>/Kconfig.nrf:56 → <nRF>/lib/Kconfig:35

Menu path: (Top) → Modules → nrf (/home/runner/work/sdk-nrf/sdk-nrf/ncs/nrf) → Nordic nRF Connect → Libraries → Pelion Device Management Client Library

config MBEDTLS_SSL_MAX_CONTENT_LEN
    int
    default 4096
    depends on PELION_SOURCES

---

At <Zephyr>/modules/mbedtls/Kconfig:64

Included via <Zephyr>/Kconfig:8 → <Zephyr>/Kconfig.zephyr:31 → <Zephyr>/modules/Kconfig:6 → <nRF>/doc/_build/kconfig/Kconfig.modules:68

Menu path: (Top) → Modules → mbedtls (/home/runner/work/sdk-nrf/sdk-nrf/ncs/modules/crypto/mbedtls) → mbed TLS Support

config MBEDTLS_SSL_MAX_CONTENT_LEN
    int "Max payload size for TLS protocol message"
    default 1500
    depends on MBEDTLS_BUILTIN && MBEDTLS
    help
      The TLS standards mandate max payload size of 16384 bytes. So, for
      maximum operability and for general-purpose usage, that value must
      be used. For specific usages, that value can be largely decreased.
      E.g. for DTLS, payload size is limited by UDP datagram size, and
      even for HTTPS REST API, the payload can be limited to max size of
      (REST request, REST response, server certificate(s)).
      mbedTLS uses this value separate for input and output buffers, so
      twice this value will be allocated (on mbedTLS own heap, so the
      value of MBEDTLS_HEAP_SIZE should accommodate that).

---

At <nrfxlib>/nrf_security/Kconfig:1553

Included via <Zephyr>/Kconfig:8 → <Zephyr>/Kconfig.zephyr:31 → <Zephyr>/modules/Kconfig:6 → <nRF>/doc/_build/kconfig/Kconfig.modules:86 → <nrfxlib>/Kconfig.nrfxlib:13

Menu path: (Top) → Modules → nrfxlib (/home/runner/work/sdk-nrf/sdk-nrf/ncs/nrfxlib) → Nordic nrfxlib → Nordic Security → Use Nordic provided security backend → Advanced mbed TLS Configuration Settings

config MBEDTLS_SSL_MAX_CONTENT_LEN
    int "SSL - Maximum buffer size"
    range 0 16384
    default 900 if OPENTHREAD_NRF_SECURITY
    default 16384
    depends on MBEDTLS_TLS_LIBRARY && NRF_SECURITY_ADVANCED && NRF_SECURITY_ANY_BACKEND && NORDIC_SECURITY_BACKEND
    help
      Maximum buffer size for incoming and outgoing mbed TLS I/O buffers.
      MBEDTLS_SSL_MAX_CONTENT_LEN setting in mbed TLS config file.

---

At <Zephyr>/modules/mbedtls/Kconfig:64

Included via <Zephyr>/Kconfig:8 → <Zephyr>/Kconfig.zephyr:31 → <Zephyr>/modules/Kconfig:74

Menu path: (Top) → Modules → mbed TLS Support

config MBEDTLS_SSL_MAX_CONTENT_LEN
    int "Max payload size for TLS protocol message"
    default 1500
    depends on MBEDTLS_BUILTIN && MBEDTLS && 0
    help
      The TLS standards mandate max payload size of 16384 bytes. So, for
      maximum operability and for general-purpose usage, that value must
      be used. For specific usages, that value can be largely decreased.
      E.g. for DTLS, payload size is limited by UDP datagram size, and
      even for HTTPS REST API, the payload can be limited to max size of
      (REST request, REST response, server certificate(s)).
      mbedTLS uses this value separate for input and output buffers, so
      twice this value will be allocated (on mbedTLS own heap, so the
      value of MBEDTLS_HEAP_SIZE should accommodate that).

(The ‘depends on’ condition includes propagated dependencies from ifs and menus.)