[openssl-users] configuring OpenSSL to split handshake messages

Viktor Dukhovni openssl-users at dukhovni.org
Thu Nov 15 20:12:20 UTC 2018


> On Nov 15, 2018, at 5:53 AM, Eugène Adell <eugene.adell at gmail.com> wrote:
> 
> I am looking for a way to configure OpenSSL so that it will send handshake
> records one by one in their respective TCP packets, instead of sending one
> big message containing several records. Typically, in my network captures
> I see the server sending one message containing Server Hello + Certificate
> + Server Hello Done records, and I would like to know how to send 3
> messages, each one containing only one record. I checked OpenSSL options
> and the user mailing-list archives without finding the answer, and I am
> not sure this is even possible (by configuration only).

Not possible "by configuration only", but if you put a biopair between
OpenSSL and the network, you can read TLS records from the output side
of the biopair (by reading the record header, and then reading the
corresponding number of payload bytes), and then attempt to transmit
each record separately by performing a separate write to the TCP
socket (with Nagle delays disabled).

Of course you'll then also need to read from the network socket and
write the data to the input side of the biopair.  There are examples
of biopair use you can find.

-- 
	Viktor.
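
An added sketch of the record-splitting step described in the reply above (not code from the original post or from OpenSSL): it parses the 5-byte TLS record header and issues one `write()` per complete record. It assumes `buf` holds bytes already drained from the network side of the BIO pair, that `fd` is a blocking socket on which the caller has set `TCP_NODELAY`, and the names `tls_record_len`, `flush_records` and `SAMPLE` are hypothetical.

```c
#include <stddef.h>
#include <sys/types.h>
#include <unistd.h>

#define TLS_HDR_LEN 5                   /* type(1) + version(2) + length(2) */
#define TLS_MAX_FRAGMENT (16384 + 2048) /* largest TLS 1.2 ciphertext fragment */

/* Constructed sample: three complete handshake-type records, then a partial one. */
static const unsigned char SAMPLE[] = {
    0x16, 3, 3, 0, 2, 0xaa, 0xbb,  0x16, 3, 3, 0, 1, 0xcc,
    0x16, 3, 3, 0, 3, 1, 2, 3,     0x16, 3, 3, 0, 4, 0xdd };

/* Size of the first record in buf (header + payload); 0 if more bytes are
 * needed; -1 if the header cannot belong to a TLS record. */
long tls_record_len(const unsigned char *buf, size_t len)
{
    if (len < TLS_HDR_LEN)
        return 0;
    if (buf[0] < 20 || buf[0] > 24)     /* content types 20..24 */
        return -1;
    size_t payload = ((size_t)buf[3] << 8) | buf[4];   /* big-endian length */
    if (payload > TLS_MAX_FRAGMENT)
        return -1;
    return len < TLS_HDR_LEN + payload ? 0 : (long)(TLS_HDR_LEN + payload);
}

/* Write each complete record with its own write() call. Returns the bytes
 * consumed (the caller keeps the unconsumed tail for the next round) or -1
 * on error; *nrec receives the number of records written. */
long flush_records(int fd, const unsigned char *buf, size_t len, int *nrec)
{
    size_t off = 0;
    *nrec = 0;
    for (;;) {
        long rl = tls_record_len(buf + off, len - off);
        if (rl < 0) return -1;
        if (rl == 0) break;             /* incomplete record: wait for more */
        for (size_t done = 0; done < (size_t)rl; ) {
            ssize_t n = write(fd, buf + off + done, (size_t)rl - done);
            if (n < 0) return -1;
            done += (size_t)n;          /* handle short writes */
        }
        off += (size_t)rl;
        (*nrec)++;
    }
    return (long)off;
}
```

One write per record is only an attempt at one packet per record: a record larger than the path MSS is still segmented, and the peer's TCP stack may deliver several segments in a single read.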


