[openssl-users] Root-Level queries while using SSL-connections wrapping "sockets"

Michael Wojcik Michael.Wojcik at microfocus.com
Sun Oct 9 21:09:41 UTC 2016


> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf
> Of Ajay Garg
> Sent: Sunday, October 09, 2016 14:12
> 
> Also, for all my cases, Nagle's algorithm has been disabled on the
> client as well as the server, so every write (at client/server)
> constitutes a packet-transferred.

This assumption is incorrect. Nagle is not the only factor which interferes with a 1-to-1 mapping between application sends and (IP) packets on the wire. The peer's receive window, the interface and path MTUs, fragmentation, transient network failures ... many things can either split an application message into multiple IP packets or even multiple TCP segments, or cause multiple application messages to be coalesced into a single TCP segment (which usually is also a single IP packet, now that path MTU determination usually works properly).

You should never assume TCP is anything other than a byte-stream service. An application that makes any assumptions about how its send operations translate into TCP segments or IP packets is asking for trouble.

-- 
Michael Wojcik 
Distinguished Engineer, Micro Focus 
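
The byte-stream point in the reply above, as an added example that is not part of the original message: a receiver that reassembles length-prefixed messages no matter how the bytes were split or coalesced across reads. The 2-byte big-endian length prefix, `MAX_MSG`, and the `framer_*` names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_MSG 1024              /* assumed cap on one application message */

/* Per-connection reassembly buffer (hypothetical names, added example). */
typedef struct {
    uint8_t buf[2 * (2 + MAX_MSG)];
    size_t  have;                 /* bytes currently buffered */
} framer;

/* Constructed sample stream: "hello" and "hi", each length-prefixed. */
const uint8_t sample_wire[11] = {0, 5, 'h', 'e', 'l', 'l', 'o', 0, 2, 'h', 'i'};

/* Append whatever one recv()/SSL_read() call returned. The chunk may hold
 * part of a message, exactly one, or several. Returns 0, or -1 if full. */
int framer_push(framer *f, const uint8_t *data, size_t n)
{
    if (n > sizeof f->buf - f->have)
        return -1;
    memcpy(f->buf + f->have, data, n);
    f->have += n;
    return 0;
}

/* Extract the next complete message: 2-byte big-endian length, then payload.
 * Returns payload length, -1 if more bytes are needed, -2 if the declared
 * length exceeds MAX_MSG or cap (the caller should drop the connection). */
int framer_pop(framer *f, uint8_t *out, size_t cap)
{
    if (f->have < 2)
        return -1;                /* the length prefix itself may be split */
    size_t len = ((size_t)f->buf[0] << 8) | f->buf[1];
    if (len > MAX_MSG || len > cap)
        return -2;                /* never trust a peer-supplied length */
    if (f->have < 2 + len)
        return -1;                /* payload has not fully arrived yet */
    memcpy(out, f->buf + 2, len);
    f->have -= 2 + len;
    memmove(f->buf, f->buf + 2 + len, f->have);  /* keep coalesced bytes */
    return (int)len;
}
```

Call `framer_push` after every read and then loop on `framer_pop` until it returns a negative value, since a single read can complete zero, one, or several messages.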




