diff --git a/lib/dynbuf.h b/lib/dynbuf.h
index cc7e5a12ed..72471bc104 100644
--- a/lib/dynbuf.h
+++ b/lib/dynbuf.h
@@ -99,4 +99,6 @@ char *Curl_dyn_take(struct dynbuf *s, size_t *plen);
 #define DYN_MQTT_RECV       (64*1024)
 #define DYN_MQTT_SEND       0xFFFFFFF
 #define DYN_CRLFILE_SIZE    (400*1024*1024) /* 400mb */
+#define DYN_CERTFILE_SIZE   (100*1024) /* 100KiB */
+#define DYN_KEYFILE_SIZE    (100*1024) /* 100KiB */
 #endif
diff --git a/lib/vtls/rustls.c b/lib/vtls/rustls.c
index 0f07e8e215..0087d5cbf7 100644
--- a/lib/vtls/rustls.c
+++ b/lib/vtls/rustls.c
@@ -868,8 +868,8 @@ init_config_builder_client_auth(struct Curl_easy *data,
     return CURLE_SSL_CERTPROBLEM;
   }
 
-  Curl_dyn_init(&cert_contents, SIZE_MAX);
-  Curl_dyn_init(&key_contents, SIZE_MAX);
+  Curl_dyn_init(&cert_contents, DYN_CERTFILE_SIZE);
+  Curl_dyn_init(&key_contents, DYN_KEYFILE_SIZE);
 
   if(!read_file_into(conn_config->clientcert, &cert_contents)) {
     failf(data, "rustls: failed to read client certificate file: '%s'",