diff --git a/configure.ac b/configure.ac index 129010458..f7a009655 100644 --- a/configure.ac +++ b/configure.ac @@ -186,7 +186,7 @@ AC_ARG_ENABLE(fortress, if test "$ENABLED_FORTRESS" = "yes" then - AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA -DCYASSL_DES_ECB -DCYASSL_AES_COUNTER -DCYASSL_AES_DIRECT -DCYASSL_DER_LOAD" + AM_CFLAGS="$AM_CFLAGS -DFORTRESS -DBIG_SESSION_CACHE -DOPENSSL_EXTRA -DCYASSL_DES_ECB -DCYASSL_AES_COUNTER -DCYASSL_AES_DIRECT -DCYASSL_DER_LOAD" fi diff --git a/cyassl/internal.h b/cyassl/internal.h index c0e32cff2..ca87b5ba4 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -356,7 +356,11 @@ enum Misc { MAX_PSK_ID_LEN = 128, /* max psk identity/hint supported */ MAX_PSK_KEY_LEN = 64, /* max psk key supported */ +#ifdef FORTRESS + MAX_CHAIN_DEPTH = 9, /* max cert chain peer depth, FORTRESS option */ +#else MAX_CHAIN_DEPTH = 4, /* max cert chain peer depth */ +#endif MAX_X509_SIZE = 2048, /* max static x509 buffer size */ CERT_MIN_SIZE = 256, /* min PEM cert size with header/footer */ MAX_FILENAME_SZ = 256, /* max file name length */ diff --git a/src/ssl.c b/src/ssl.c index 505c010d7..e6a2553a7 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -530,8 +530,10 @@ int AddCA(CYASSL_CTX* ctx, buffer der, int type) /* basic config gives a cache with 33 sessions, adequate for clients and embedded servers - BIG_SESSION_CACHE allows 1055 sessions, adequate for servers that aren't - under heavy load, basically allows 200 new sessions per minute + MEDIUM_SESSION_CACHE allows 1055 sessions, adequate for servers that + aren't under heavy load, basically allows 200 new sessions per minute + + BIG_SESSION_CACHE yields 20,0027 sessions HUGE_SESSION_CACHE yields 65,791 sessions, for servers under heavy load, allows over 13,000 new sessions per minute or over 200 new sessions per 
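Review bot: Forcing `-DBIG_SESSION_CACHE` in the fortress branch silently overrides a smaller cache the builder may have chosen through CFLAGS, because the selection chain in src/ssl.c tests BIG_SESSION_CACHE before MEDIUM_SESSION_CACHE and SMALL_SESSION_CACHE. The same commit also redefines BIG_SESSION_CACHE as 7 x 2861 entries, so --enable-fortress now implies a much larger session table than the flag name suggested before. I would put a comment above the assignment, for example `# fortress implies FORTRESS (chain depth 9) and BIG_SESSION_CACHE (7 x 2861 sessions)`. The option's help string is outside this hunk and should mention the implied cache size too.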
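Review bot: `MAX_CHAIN_DEPTH` now depends on whether `FORTRESS` is defined, so every translation unit that includes internal.h must be built with the same setting. A mismatch would give different sizes to anything dimensioned by this constant. The users of the constant are not visible here and the enum continues outside the hunk, so this is a point to confirm rather than a demonstrated defect. If chain storage is sized as MAX_CHAIN_DEPTH times MAX_X509_SIZE, the memory committed to peer-supplied certificates more than doubles. The comment could record that, e.g. `/* max cert chain peer depth, FORTRESS option; chain storage grows from 4 to 9 certs */`.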
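Review bot: The figure in the added comment line `BIG_SESSION_CACHE yields 20,0027 sessions` is mistyped. With the `SESSIONS_PER_ROW 7` and `SESSION_ROWS 2861` values defined in the following hunk, the product is 20,027. The new tier is also the only one without the load guidance the other entries give, so a reader cannot tell when to choose it over MEDIUM or HUGE. I would write `BIG_SESSION_CACHE yields 20,027 sessions` and follow it with a sentence on the intended load. The comment block starts before and ends after this hunk.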
@@ -545,6 +547,9 @@ int AddCA(CYASSL_CTX* ctx, buffer der, int type) #define SESSIONS_PER_ROW 11 #define SESSION_ROWS 5981 #elif defined(BIG_SESSION_CACHE) + #define SESSIONS_PER_ROW 7 + #define SESSION_ROWS 2861 + #elif defined(MEDIUM_SESSION_CACHE) #define SESSIONS_PER_ROW 5 #define SESSION_ROWS 211 #elif defined(SMALL_SESSION_CACHE)
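Review bot: Redefining `BIG_SESSION_CACHE` changes the meaning of an existing build flag. A project that already passes -DBIG_SESSION_CACHE goes from 5 x 211 (1,055) to 7 x 2861 (20,027) entries on its next rebuild, with no change on its side. The memory footprint of the cache grows about nineteen-fold for those builds. Presumably more resumable session state is also kept resident, which matters on memory-constrained or shared hosts. I would add a comment at the branch, for example `/* BIG_SESSION_CACHE was 5 x 211 before this change; use MEDIUM_SESSION_CACHE for the old size */`, and call the rename out in the release notes. The conditional chain starts and ends outside the hunk.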