[openssl-users] configuring OpenSSL to split handshake messages

Michael Wojcik Michael.Wojcik at microfocus.com
Thu Nov 15 14:12:59 UTC 2018


> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf
> Of Matt Caswell
> Sent: Thursday, November 15, 2018 06:12
>
> On 15/11/2018 10:53, Eugène Adell wrote:
> > I am looking for a way to configure OpenSSL so that it will send handshake records
> > one by one in their respective TCP packets, instead of sending one big message
> > containing several records.
>
> I'm intrigued to know why you would want to do that. Anyway, I don't believe
> this is currently possible without modifying the OpenSSL source code.

Even then, it can't be guaranteed at the application level. TCP is a byte-stream service; the stack is permitted to accumulate application sends and split them into TCP segments any way it likes. (And then there's the possibility of IP fragmentation on top of that, though that shouldn't happen on a local network and is unlikely these days in any case, thanks to Path MTU.)

Networking APIs such as sockets may let the application attempt to flush output, but the stack can ignore that.

Similarly, on the receiving side, the stack can accumulate data or deliver it to the receiving application piecemeal. As long as it's not reordered, TCP makes no guarantees about how it's broken up. (There's the TCP PSH [Push] flag, but that's merely advisory to the receiving stack; the stack can ignore it.)

Applications (which includes OpenSSL in this context) should not try to control how messages appear on the wire, aside from attempting to avoid small sends when there is additional data available to send.

--
Michael Wojcik
Distinguished Engineer, Micro Focus
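
The point made in the message above, as an added example that is not part of the original post and is not OpenSSL code: a receiver (or a passive monitor) has to rebuild TLS records from the 5-byte record header, because the same flight can arrive in any chunking. The class and function names and the sample flight are constructed for illustration.

```python
import struct

class TLSRecordReassembler:
    """Rebuilds TLS records from a TCP byte stream delivered in arbitrary chunks."""
    HEADER_LEN = 5               # content type (1) + legacy version (2) + length (2)
    MAX_FRAGMENT = 2**14 + 2048  # largest ciphertext fragment TLS 1.2 allows (RFC 5246)

    def __init__(self):
        self._buf = bytearray()

    def feed(self, chunk):
        """Append whatever recv() returned; return the list of completed records."""
        self._buf += chunk
        records = []
        while len(self._buf) >= self.HEADER_LEN:
            ctype, version, length = struct.unpack_from("!BHH", self._buf)
            if length > self.MAX_FRAGMENT:
                raise ValueError("record length %d exceeds TLS maximum" % length)
            end = self.HEADER_LEN + length
            if len(self._buf) < end:
                break  # body not fully arrived yet; wait for more bytes
            records.append((ctype, version, bytes(self._buf[self.HEADER_LEN:end])))
            del self._buf[:end]
        return records

def make_record(ctype, payload, version=0x0303):
    """Frame a payload as one TLS record (helper for building the sample)."""
    return struct.pack("!BHH", ctype, version, len(payload)) + payload

def reassemble(stream, sizes):
    """Deliver `stream` in chunks of the given sizes (cycled) and collect records."""
    r, out, pos, i = TLSRecordReassembler(), [], 0, 0
    while pos < len(stream):
        n = sizes[i % len(sizes)]
        out += r.feed(stream[pos:pos + n])
        pos += n
        i += 1
    return out

# Constructed sample: three handshake-type (22) records with dummy payloads,
# written by the sender as one flight.
SAMPLE_FLIGHT = b"".join(make_record(22, p) for p in (b"A" * 90, b"B" * 700, b"C" * 4))

if __name__ == "__main__":
    # One big segment, byte-at-a-time, uneven pieces, and MSS-sized pieces
    # all yield the same three records.
    for sizes in ([len(SAMPLE_FLIGHT)], [1], [7, 300], [1460]):
        recs = reassemble(SAMPLE_FLIGHT, sizes)
        print(sizes, [(t, len(p)) for t, _, p in recs])
```
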



