Query reg. using certificates bigger than 4k for EAP-TLS

Vishal Sinha vishals1991 at gmail.com
Wed Oct 20 11:34:59 UTC 2021

Hi Matt

The certificate is not large as such. But since it's a chain, the overall
size crosses 4k. We used BIO_set_write_buffer_size() API to increase the
size from 4k to 8k of the BIO buffer in SSL context.


On Wed, Oct 20, 2021 at 3:26 PM Vishal Sinha <vishals1991 at gmail.com> wrote:

> Hi
> We are using openssl 1.1.1c version on our client and server. Client and
> Server are doing EAP-TLS authentication using certificates which are more
> than 4k in size (using 1 root CA and 2 intermediate CAs). We noticed that
> the server is not able to handle it gracefully due to insufficient buffer
> size during SSL handshake and hence authentication fails. To solve this
> issue, we increased the buffer size to 8k programmatically and
> authentication passed. Is there any other way to solve this problem?
> Regards
> Vishal
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20211020/1c5ce00c/attachment.html>

More information about the openssl-users mailing list