[openssl-users] How to know maximum sendable fragment size?

Tue Nov 7 03:56:37 UTC 2017

I've been developing this NodeJS plugin, it implements HTTPS server
and now client.
I was having an issue with HTTPS request getting ECONNRESET for no apparent
reason; so I implemented my own request, and ran into the same sort of
issue.  What I was requesting was some .js files from the server, and
apparently
my most recent changes to those files made them larger than some magic
number greater than 4096 but less than 6561.  The server was sending using
OpenSSL (statically linked in the NodeJS executable) on CentOS, and it was
sending the full length of the file as one buffer.  I'm using memory BIO to
interact with the SSL object; The buffer was transmitted as one block. With
my own client, (where I could add debugging) was receiving the full count
of bytes from the server but in two blocks, the first 4096 and the second
2472(something like that).  Because my network read buffer was only 4096....
So the first read was short, and caused SSL_read to fail, which I had
initially treated as a failure and terminated my connection.  I then
found I could (almost) check using SSL_pending before getting an error (really
I ended up doing SSL_read( ssl, NULL, 0 ) and then SSL_pending(ssl)
).  But after receiving the full count of bytes and having nothing
else to receive,
the message never completed (read return -1, and error 2, pending
returned 0 ). I manually broke up the transmission to 4356 (3*1452 -29)
bytes so it ends up sending in 3 full tcp buffer units, and that works.
(it's http protocol so it's got higher level gathering for the fragments).
It also works if I revert to using the NodeJS HTTPS request object instead
of my own.

So - how do I know what the maximum amount of data I can send is?

Node TLS object (on which HTTPS is based) has
tlsSocket.setMaxSendFragment(size)(which
defaults to 16384)  but that's about sending, not receiving, so I really
have no idea how big the receive buffer is actually.... (same as SSL send
fragment default)

I did find https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_
split_send_fragment.html but there's no get_for fragment size I could
find.  (this would be on the server side that I need to know how much I can
send).

how do I set how big of a fragment I can receive?  Like what if I tried to send
100's of Meg as a single fragment?   (I guess it should auto fragment to
like 16k)

I guess there (will be) SSL_CTX_set_default_read_buffer_len() (1.1.0)

(node's open ssl version)
#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2l  25 May 2017"

I guess read should default to something like SSL3_RT_MAX_PLAIN_LENGTH
+ SSL3_RT_MAX_ENCRYPTED_OVERHEAD
(16704)  ?  I wonder why it doesn't.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20171106/f8ee2713/attachment-0001.html>