Can I limit the length of the TLS messages in Node.js / express.js?

Question

I have a Node.js server serving (rather large) files over HTTPS. When using a "normal" HTTPS client, everything works as expected. But my main use case is serving those files to an embedded system (the larges files are firmware images).

The embedded system uses the mbedTLS library to create a secure SSL/TLS connection to my Node server and sends an HTTPS-request to download a file. The server faithfully answers with the file in the HTTP-body as an octet-stream.

async function createServer({ port, keys, cert }) {
  const app = express()
  app.use('/', express.static('images'))

  https.createServer({ key: keys.privateKey, cert }, app).listen(port, '0.0.0.0')
}

The problem: Due to memory limitations on the embedded system, my client has a maximum message buffer size of 4096 bytes. But the server sends data in much larger chunks (e.g. 16408 bytes per message). mbedTLS can't handle those large messages given the small buffers and refuses to decrypt the data.

Can I somehow tell Node to limit the amount of data it can send in one TLS message?

Answer 1

Have you tried passing the highWaterMark option like this:

function createServer({ port, keys, cert }) {
  const app = express()
  app.use('/', express.static('images', { highWaterMark: 1024 * 4 }))

  https.createServer({ key: keys.privateKey, cert }, app).listen(port, '0.0.0.0')
}

That options passed to express.static will be passed to the underlying fs.createReadStream created internally. Take a look at the official documentation for fs.createReadStream here.