
Auto-port 5.0: SSL: Use sane defaults as limits for the client hello length and timeout #16897

Merged: chrisvest merged 1 commit into 5.0 from auto-port-pr-16871-to-5.0 on Jun 4, 2026
@netty-project-bot

Contributor

Auto-port of #16871 to 5.0
Cherry-picked commit: 829c885


Motivation:

There were various issues here... first off, in SslClientHelloHandler we used 16MB as the default maximum limit for the client hello, which could lead to huge memory usage. Second, we used no limit at all and no timeout in AbstractSniHandler and its subclasses, which is even worse.

Modifications:

  • Use 64KB as default limit
  • Use 10 seconds as default timeout (same as in SslHandler)

Result:

Saner defaults which help to guard against high memory usage

…out (#16871)

Motivation:

There were various issues here... first off, in SslClientHelloHandler we
used 16MB as the default maximum limit for the client hello, which could lead
to huge memory usage. Second, we used no limit at all and no timeout in
AbstractSniHandler and its subclasses, which is even worse.

Modifications:

- Use 64KB as default limit
- Use 10 seconds as default timeout (same as in SslHandler)

Result:

Saner defaults which help to guard against high memory usage

(cherry picked from commit 829c885)
@chrisvest chrisvest added this to the 5.0.0.Final milestone Jun 2, 2026
@chrisvest chrisvest merged commit daec4f5 into 5.0 Jun 4, 2026
10 of 13 checks passed
@chrisvest chrisvest deleted the auto-port-pr-16871-to-5.0 branch June 4, 2026 17:04
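
As an added illustration (not code from Netty or from this PR), the sketch below shows why the declared client hello length needs a cap: the TLS handshake header carries a 24-bit length chosen by the peer, so a handler that buffers the whole message before reading SNI can be asked to hold close to 16MB per connection. The class, method, enum and constant names are hypothetical, and the byte arrays are constructed samples.

```java
import java.nio.ByteBuffer;

public class ClientHelloLengthCheck {
    enum Verdict { NEED_MORE_DATA, NOT_CLIENT_HELLO, TOO_LARGE, OK }

    static final int NEW_DEFAULT_LIMIT = 64 * 1024;        // 64KB default from this page
    static final int OLD_DEFAULT_LIMIT = 16 * 1024 * 1024; // 16MB default it replaces

    // Decide from the first 9 bytes only (5-byte TLS record header plus
    // 4-byte handshake header), before buffering any of the message body.
    static Verdict inspect(ByteBuffer in, int maxClientHelloLength) {
        if (in.remaining() < 9) {
            return Verdict.NEED_MORE_DATA;
        }
        int p = in.position();
        int contentType = in.get(p) & 0xFF;       // 22 = handshake record
        int handshakeType = in.get(p + 5) & 0xFF; // 1 = ClientHello
        if (contentType != 22 || handshakeType != 1) {
            return Verdict.NOT_CLIENT_HELLO;
        }
        // The handshake length is a 24-bit big-endian field, so the peer alone
        // chooses a value up to 0xFFFFFF; the message may span many records.
        int declared = (in.get(p + 6) & 0xFF) << 16
                | (in.get(p + 7) & 0xFF) << 8
                | (in.get(p + 8) & 0xFF);
        return declared > maxClientHelloLength ? Verdict.TOO_LARGE : Verdict.OK;
    }

    // Constructed sample: the first 9 bytes of a TLS stream announcing a
    // ClientHello of the given length (no real handshake data follows).
    static ByteBuffer sampleHeader(int handshakeLength) {
        int recordLength = Math.min(handshakeLength + 4, 16384);
        return ByteBuffer.wrap(new byte[] {
            22, 3, 1, (byte) (recordLength >> 8), (byte) recordLength,
            1, (byte) (handshakeLength >> 16), (byte) (handshakeLength >> 8), (byte) handshakeLength
        });
    }

    public static void main(String[] args) {
        int[] declaredLengths = { 512, 64 * 1024, 64 * 1024 + 1, 0xFFFFFF };
        for (int len : declaredLengths) {
            System.out.printf("declared=%d old=%s new=%s%n", len,
                    inspect(sampleHeader(len), OLD_DEFAULT_LIMIT),
                    inspect(sampleHeader(len), NEW_DEFAULT_LIMIT));
        }
    }
}
```

With the 16MB limit every sample is accepted for buffering, while the 64KB limit rejects the last two as soon as the header arrives.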