diff --git a/lib/std/crypto/tls/Client.zig b/lib/std/crypto/tls/Client.zig
index c809a2e998..44a73c344a 100644
--- a/lib/std/crypto/tls/Client.zig
+++ b/lib/std/crypto/tls/Client.zig
@@ -109,7 +109,7 @@ pub const Options = struct {
     read_buffer: []u8,
     /// Cryptographically secure random bytes. The pointer is not captured; data is only
     /// read during `init`.
-    entropy: *const [240]u8,
+    entropy: *const [entropy_len]u8,
     /// Current time according to the wall clock / calendar, in seconds.
     realtime_now_seconds: i64,
 
@@ -130,6 +130,8 @@ pub const Options = struct {
     allow_truncation_attacks: bool = false,
     /// Populated when `error.TlsAlert` is returned from `init`.
     alert: ?*tls.Alert = null,
+
+    pub const entropy_len = 240;
 };
 
 const InitError = error{
diff --git a/lib/std/http/Client.zig b/lib/std/http/Client.zig
index e571d1a4b0..ddfcd96b6a 100644
--- a/lib/std/http/Client.zig
+++ b/lib/std/http/Client.zig
@@ -321,7 +321,7 @@ pub const Connection = struct {
             assert(base.ptr + alloc_len == socket_read_buffer.ptr + socket_read_buffer.len);
             @memcpy(host_buffer, remote_host.bytes);
             const tls: *Tls = @ptrCast(base);
-            var random_buffer: [240]u8 = undefined;
+            var random_buffer: [std.crypto.tls.Client.Options.entropy_len]u8 = undefined;
             io.random(&random_buffer);
             tls.* = .{
                 .connection = .{