Query reg. using certificates bigger than 4k for EAP-TLS

Matt Caswell matt at openssl.org
Wed Oct 20 10:22:14 UTC 2021

On 20/10/2021 10:56, Vishal Sinha wrote:
> We are using openssl 1.1.1c version on our client and server. Client and 
> Server are doing EAP-TLS authentication using certificates which are 
> more than 4k in size (using 1 root CA and 2 intermediate CAs). We 
> noticed that the server is not able to handle it gracefully due to 
> insufficient buffer size during SSL handshake and hence authentication 
> fails. To solve this issue, we increased the buffer size to 8k 
> programmatically and authentication passed. Is there any other way to 
> solve this problem?

Which buffer did you change? Do you have an example certificate that is 
shareable? Is it the certificate that is too large, or the whole chain?


More information about the openssl-users mailing list