Sharon Hezy <shezy@spearheadsecurity.com> writes:
> -->(1) You need to check the MAC which only appears at the end of
> -->the record.
>
> Is it right that you can still say that the maximum *SSL* record size (not TCP)
> is about 16K? I don't remember the exact number, but this is the maximum
> size of an encrypted block as defined in the OpenSSL headers. Or would that be
> a wrong assumption? And, if it is right, who defined it like that, an RFC?

The official maximum size of the plaintext is 2^14 bytes. (See Section 6.2
of RFC 2246). The official maximum record size is a little larger
(2^14 + 2048 + 5) to account for data expansion and the record header.

That said, some implementations (Microsoft) violate this limit. In any case,
since TCP segments are typically <1500 bytes long, most records will
span multiple TCP segments.

-Ekr

--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com/
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
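The limits discussed in the message above, as an added example that is not part of the original post or of OpenSSL: a record reassembler that buffers TCP payloads until a whole record (and therefore its trailing MAC) has arrived, and enforces the 2^14 + 2048 fragment limit. The class name, the `strict` switch for peers that exceed the limit, and the sample bytes are assumptions constructed for illustration.

```python
import struct

MAX_PLAINTEXT = 2 ** 14                # RFC 2246, Section 6.2
MAX_FRAGMENT = MAX_PLAINTEXT + 2048    # fragment after data expansion
HEADER_LEN = 5                         # type(1) + version(2) + length(2)


class RecordTooLarge(ValueError):
    pass


class RecordReassembler:
    """Hypothetical helper: buffers TCP payloads, returns complete records."""

    def __init__(self, strict=True):
        self.buf = bytearray()
        self.strict = strict  # False tolerates peers that exceed the limit

    def feed(self, segment):
        self.buf += segment
        records = []
        while len(self.buf) >= HEADER_LEN:
            ctype, version, length = struct.unpack_from("!BHH", self.buf)
            if self.strict and length > MAX_FRAGMENT:
                raise RecordTooLarge(f"fragment length {length} > {MAX_FRAGMENT}")
            end = HEADER_LEN + length
            if len(self.buf) < end:
                break  # record incomplete: the MAC at its end is not here yet
            records.append((ctype, version, bytes(self.buf[HEADER_LEN:end])))
            del self.buf[:end]
        return records


def demo():
    # Constructed input: a 4000-byte and a 10-byte application_data record
    # (type 23, version 0x0301), cut into 1460-byte TCP payloads.
    stream = struct.pack("!BHH", 23, 0x0301, 4000) + b"A" * 4000
    stream += struct.pack("!BHH", 23, 0x0301, 10) + b"B" * 10
    segments = [stream[i:i + 1460] for i in range(0, len(stream), 1460)]
    reassembler = RecordReassembler()
    # Number of complete records available after each segment arrives.
    return [len(reassembler.feed(s)) for s in segments]


if __name__ == "__main__":
    print(demo())
```

Nothing can be handed to MAC verification until the third segment arrives, at which point both records complete at once.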