Use TLS record limit for REALITY target buffer #35

Open: M13-Perfect wants to merge 1 commit into XTLS:main from M13-Perfect:use-tls-record-limit-for-target-buffer

@M13-Perfect

Related to XTLS/Xray-core#6356.

Summary

REALITY currently uses a hardcoded 8192-byte buffer size for target TLS records.

This patch replaces the hardcoded value with the existing TLS record bound:

recordHeaderLen + maxCiphertextTLS13

This keeps the existing size variable and all downstream logic unchanged,
while deriving the bound from existing TLS constants instead of using an
arbitrary value.

Rationale

The linked Xray-core issue shows that www.microsoft.com can return a TLS
Certificate record with total length 8273 bytes, which exceeds the previous
8192-byte limit.

maxCiphertextTLS13 is already defined as 16384 + 256, and recordHeaderLen
accounts for the TLS record header. Using these existing constants keeps the
buffer bounded and aligned with the TLS 1.3 record boundary.

Relation to #33

This is an alternative implementation to #33. Instead of using 17 * 1024,
this patch reuses the existing TLS constants and keeps the change to a single
line.

Validation
Ran gofmt -w tls.go
Ran git diff --check
Verified in Docker
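
An added example, not part of the pull request or REALITY's code: a minimal Go record reader showing how a buffer cap interacts with the TLS record length field, using the two limits discussed above. It assumes the standard 5-byte TLS record header for recordHeaderLen; readRecord, sampleRecord, oldLimit, newLimit and ErrRecordTooLarge are hypothetical names, and the 8273-byte record is constructed.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// Constant names follow the PR text; the header size of 5 is an assumption.
const (
	recordHeaderLen    = 5 // type (1) + version (2) + length (2)
	maxCiphertextTLS13 = 16384 + 256
	oldLimit           = 8192
	newLimit           = recordHeaderLen + maxCiphertextTLS13
)

var ErrRecordTooLarge = errors.New("TLS record exceeds buffer limit")

// readRecord (hypothetical) reads one whole record into a buffer capped at limit.
func readRecord(r io.Reader, limit int) ([]byte, error) {
	buf := make([]byte, recordHeaderLen, limit)
	if _, err := io.ReadFull(r, buf); err != nil {
		return nil, err
	}
	// The length field is peer-controlled, so check it before growing the slice.
	total := recordHeaderLen + int(binary.BigEndian.Uint16(buf[3:5]))
	if total > limit {
		return nil, fmt.Errorf("%w: %d > %d", ErrRecordTooLarge, total, limit)
	}
	buf = buf[:total]
	_, err := io.ReadFull(r, buf[recordHeaderLen:])
	return buf, err
}

// sampleRecord builds a constructed handshake record of the given total length.
func sampleRecord(total int) []byte {
	rec := make([]byte, total)
	rec[0], rec[1], rec[2] = 0x16, 0x03, 0x03
	binary.BigEndian.PutUint16(rec[3:5], uint16(total-recordHeaderLen))
	return rec
}

func main() {
	for _, limit := range []int{oldLimit, newLimit} {
		_, err := readRecord(bytes.NewReader(sampleRecord(8273)), limit)
		fmt.Printf("limit=%d err=%v\n", limit, err)
	}
}
```

The 16-bit length field can still announce records larger than the new bound, so the explicit check stays necessary after the limit is raised.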

@M13-Perfect

Author

Hi maintainers, this is my first contribution to REALITY.

I kept the change intentionally small by reusing the existing TLS constants instead of introducing another literal buffer size.

If you prefer a dedicated constant name, I am happy to adjust the patch.
