[openssl-users] Network problems (not OpenSSL)

Viktor Dukhovni openssl-users at dukhovni.org
Wed Apr 19 14:51:02 UTC 2017

> On Apr 19, 2017, at 10:39 AM, Lasse Thorbro-Steenberg <lthorbrosteenberg at gmail.com> wrote:
> Using Wireshark I can see the TCP window remains open, but after a few seconds on 2mbs the server start fragmenting IP packets which completely drops the throughput to around 1 mbs. 
> Data is delivered successfully even with fragmentation, but the effective throughput achievable on the link drops significantly.

OpenSSL does not implement TCP/IP, and network throughput issues
need to solved at the network layer.  You may have path MTU issues,
or other networking problems.  If smaller than the MTU writes are
done back to back, you may want to disable Nagle's algorithm via
the appropriate setsockopt() call (enable TCP_NDELAY).

You should be able to see the same throughput issues just sending
data (similarly chunked) in the clear without OpenSSL.


More information about the openssl-users mailing list