[openssl-dev] Calculating DTLS payload MTU
David Woodhouse
dwmw2 at infradead.org
Tue Oct 4 23:39:51 UTC 2016
I have the link MTU (typically 1500 bytes), and a DTLS session is
established.

I call DTLS_set_link_mtu() to set the link MTU.

I need to know the DTLS data MTU — the maximum payload size, which
depends on the cipher in use.

For example, for AES-128-GCM-SHA256 we'd start with 1500 and subtract:
- 20 bytes for a Legacy IP header.
- 8 bytes for UDP header.
- 13 bytes for DTLS header.
- 16 bytes for the hash.
- 8 bytes for nonce.

... and be left with 1435 bytes.

In GnuTLS this is fairly trivial; I call gnutls_dtls_set_mtu() followed
by gnutls_dtls_get_data_mtu().

How do I do it in OpenSSL? Do I need to build a big table of the
overhead of all ciphers and calculate it for myself?
--
dwmw2
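
The subtraction in the message above, written out as an added example (not part of the original post and not OpenSSL or GnuTLS code). It goes beyond the GCM case in the post to cover a CBC suite with MAC-then-encrypt, where padding makes the result depend on the block size, and a 40-byte IPv6 header. The struct, the function name dtls_data_mtu() and the two parameter sets are this example's own assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* Per-record overhead of one cipher suite (struct and names are this example's own). */
struct cipher_overhead {
    size_t explicit_iv; /* nonce or IV bytes carried in every record */
    size_t tag;         /* AEAD tag or HMAC length */
    size_t block;       /* CBC block size; 0 for an AEAD suite */
};

/* AES-128-GCM as listed in the post; AES-128-CBC with HMAC-SHA1 added for contrast. */
const struct cipher_overhead AES128_GCM      = {  8, 16,  0 };
const struct cipher_overhead AES128_CBC_SHA1 = { 16, 20, 16 };

enum { IPV4_HDR = 20, IPV6_HDR = 40, UDP_HDR = 8, DTLS_HDR = 13 };

/* Largest plaintext that fits in one datagram on this link; 0 if none does. */
size_t dtls_data_mtu(size_t link_mtu, int ipv6, const struct cipher_overhead *c)
{
    size_t fixed = (ipv6 ? IPV6_HDR : IPV4_HDR) + UDP_HDR + DTLS_HDR
                   + c->explicit_iv;
    size_t room;

    if (link_mtu <= fixed)
        return 0;
    room = link_mtu - fixed; /* bytes left for ciphertext plus tag/MAC */

    if (c->block == 0)       /* AEAD: output is plaintext plus tag */
        return room > c->tag ? room - c->tag : 0;

    /* CBC, MAC-then-encrypt: plaintext + MAC + at least one padding
     * byte must fill a whole number of blocks, so round down first. */
    room -= room % c->block;
    return room > c->tag + 1 ? room - c->tag - 1 : 0;
}

int main(void)
{
    printf("GCM, IPv4: %zu\n", dtls_data_mtu(1500, 0, &AES128_GCM));
    printf("GCM, IPv6: %zu\n", dtls_data_mtu(1500, 1, &AES128_GCM));
    printf("CBC, IPv4: %zu\n", dtls_data_mtu(1500, 0, &AES128_CBC_SHA1));
    printf("CBC, IPv6: %zu\n", dtls_data_mtu(1500, 1, &AES128_CBC_SHA1));
    return 0;
}
```

The GCM over IPv4 case reproduces the 1435 bytes worked out in the post; the CBC figures assume the suite is not negotiated with encrypt-then-MAC.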