Query reg. using certificates bigger than 4k for EAP-TLS

Jan Just Keijser janjust at nikhef.nl
Wed Oct 20 15:46:18 UTC 2021

Hi Vishal,

On 20/10/21 13:34, Vishal Sinha wrote:
> Hi Matt
> The certificate is not large as such. But since it's a chain, the 
> overall size crosses 4k. We used BIO_set_write_buffer_size() API to 
> increase the size from 4k to 8k of the BIO buffer in SSL context.

just out of curiosity: does this issue occur with pppd with EAP-TLS 
support (which I originally added) ? if so, which version of the pppd 
code are you using or which version of the ppp-eap-tls patch?

If you *are* using pppd to do the EAP-TLS handshake then let me try to 
replicate your particular issue.



> On Wed, Oct 20, 2021 at 3:26 PM Vishal Sinha <vishals1991 at gmail.com 
> <mailto:vishals1991 at gmail.com>> wrote:
>     Hi
>     We are using openssl 1.1.1c version on our client and server.
>     Client and Server are doing EAP-TLS authentication using
>     certificates which are more than 4k in size (using 1 root CA and 2
>     intermediate CAs). We noticed that the server is not able to
>     handle it gracefully due to insufficient buffer size during SSL
>     handshake and hence authentication fails. To solve this issue, we
>     increased the buffer size to 8k programmatically and
>     authentication passed. Is there any other way to solve this problem?
>     Regards
>     Vishal

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20211020/cff79cd3/attachment.html>

More information about the openssl-users mailing list