[openssl-users] Record aggregation with TLS Client

Dan S danchik at rebelbase.com
Fri Jun 24 21:45:21 UTC 2016


You can look into modifying the window size for transmission (likely
devastating your throughput, considering it will have to drop from around the
usual 64K to about a tenth of the size - most notably with the increase
of ACKs and header repetition with each packet ... falls too far and it
will start resending the same packets again ... this is notable especially when
there is other traffic on the network). You can also try providing the
TCP_NODELAY option, but that also will not guarantee the packet separation
because there are many other things that control it (for example, if the
receiver is far behind in responding with ACKs, the sender will keep
buffering if it ends too far ahead and blocks).

On Wed, Jun 22, 2016 at 7:54 AM, Michael Wojcik <
Michael.Wojcik at microfocus.com> wrote:

> By "a single packet", do you mean a single TCP segment?
>
> No, there's no way to ensure they're sent in separate TCP segments. TCP
> segmentation is a function of the TCP/IP stack. And your application knows
> nothing about it anyway; TCP is a byte-stream protocol.
>
> Why do you think you want to do this? (When people ask this question, for
> TLS or any other protocol, it almost always indicates that they don't
> understand TCP and have a broken design. TCP is not a record-based
> protocol.)
>
> Michael Wojcik
> Technology Specialist, Micro Focus
>
> *From:* openssl-users [mailto:openssl-users-bounces at openssl.org] *On
> Behalf Of *Rajeswari K
> *Sent:* Tuesday, June 21, 2016 23:41
> *To:* openssl-users at openssl.org
> *Subject:* [openssl-users] Record aggregation with TLS Client
>
> Hello OpenSSL users,
>
> I have a query: when our device is acting as a TLS client, we observed that
> both the client certificate and client key exchange messages are going in a
> single packet.
>
> Is there any way to separate this? That is, is there any option to avoid
> multiple records in a single packet?
>
> Thanks,
>
> Rajeswari.
>
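
Because TCP is a byte stream and the stack decides segment boundaries, as the thread says, a receiver has to locate TLS records from the 5-byte record header rather than from packets. The Python sketch below is an added example, not part of the original messages or of OpenSSL; its class and function names and the sample bytes are constructed for illustration, and it assumes plaintext handshake records that carry one message each.

```python
import struct

HEADER_LEN = 5                # content type (1) + version (2) + length (2)
MAX_FRAGMENT = 2**14 + 2048   # TLS 1.2 upper bound for a record body
HANDSHAKE = 22                # record content type for handshake messages
HS_NAMES = {11: "certificate", 16: "client_key_exchange"}

class RecordDeframer:
    """Rebuilds TLS records from TCP payload chunks of any size."""
    def __init__(self):
        self._buf = bytearray()

    def feed(self, chunk):
        """Add one chunk of stream bytes; return the records it completed."""
        self._buf += chunk
        records = []
        while len(self._buf) >= HEADER_LEN:
            ctype, version, length = struct.unpack_from("!BHH", self._buf)
            if length > MAX_FRAGMENT:
                raise ValueError("record length %d exceeds TLS limit" % length)
            if len(self._buf) < HEADER_LEN + length:
                break                  # body incomplete, wait for more bytes
            body = bytes(self._buf[HEADER_LEN:HEADER_LEN + length])
            del self._buf[:HEADER_LEN + length]
            records.append((ctype, version, body))
        return records

def make_record(hs_type, payload, version=0x0303):
    """Constructed sample data: one handshake message in one record."""
    msg = bytes([hs_type]) + len(payload).to_bytes(3, "big") + payload
    return struct.pack("!BHH", HANDSHAKE, version, len(msg)) + msg

def handshake_names(chunks):
    """Names of the handshake messages carried by a sequence of chunks."""
    deframer, names = RecordDeframer(), []
    for chunk in chunks:
        for ctype, _version, body in deframer.feed(chunk):
            if ctype == HANDSHAKE and body:
                names.append(HS_NAMES.get(body[0], "type_%d" % body[0]))
    return names

# Constructed flight: Certificate then ClientKeyExchange, as in the question.
FLIGHT = make_record(11, b"\x00" * 40) + make_record(16, b"\x01" * 33)
ONE_SEGMENT = [FLIGHT]                              # both records coalesced
SPLIT = [FLIGHT[:3], FLIGHT[3:50], FLIGHT[50:]]     # cuts mid-header, mid-stream

if __name__ == "__main__":
    print(handshake_names(ONE_SEGMENT))
    print(handshake_names(SPLIT))
```

Both calls report the same two messages, which is why the way records are packed into segments makes no difference to a peer that frames by record length.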