Hi Daniele!

I think the problem you are describing relates to some padding the OpenSSL library uses. It has to use padding because of some requirements of the cipher in use. So in fact when you are sending 64 bytes with SSL_write(), after encryption 138 bytes get sent through the TCP socket.

I hope this helped.

P.S. Can someone who knows more about this give some more info on this issue? I'm interested because we are writing an application that has to use OpenSSL and we send relatively small packets (~30 bytes) all the time. Would be nice to know which cipher gives best security/padding overhead ratio. :)

Thanks,
laca

Daniele Brevi wrote:

Hi to all,

I have some problems with the buffering mechanism in OpenSSL with
SSL_write/read. I want to add TLS protection to a simple c/s program. My
code permits setting the socket buffer length. So, using the socket
option TCP_NODELAY, I can send packets of the wanted length on the net.
Now I want to do this with TLS packets as well. My code does a handshake (with
SSL_connect/accept) and correctly exchanges encrypted data with
SSL_write/read (I don't use any BIO_* in my code; I use code similar to
cli.cpp and sev.cpp in the demos dir). The problem is that even if I set
TCP_NODELAY in the socket options, SSL_write seems to ignore it. For example, if
I want to send a 64 B length packet, I obtain a 138 TCP length packet (I
think it is 64*2 + 5*2 where 5 is the SSL data overhead) instead of a
64+5 TCP length packet.

Can someone help me?

thanks in advance

Daniele Brevi

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
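
Added example, not part of either message above: the record-size arithmetic behind the padding overhead discussed in the thread, for the SSL 3.0/TLS 1.0 record layout (5-byte header, then data, MAC and, for CBC ciphers, padding up to the block size). The thread does not name the cipher in use; the suites listed, and the assumption that OpenSSL's empty-fragment CBC countermeasure is active (it is unless SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS is set), are assumptions of this example. Under them AES128-SHA gives 37 + 101 = 138 bytes of TCP payload for one 64-byte SSL_write().

```c
#include <stddef.h>
#include <stdio.h>

#define TLS_RECORD_HEADER 5 /* type (1) + version (2) + length (2) */

/* Size on the wire of one record carrying data_len bytes of plaintext.
 * block_len == 0 means a stream cipher (no padding). */
size_t record_len(size_t data_len, size_t mac_len, size_t block_len)
{
    size_t body = data_len + mac_len;
    if (block_len > 0) {
        body += 1; /* mandatory padding-length byte */
        body = (body + block_len - 1) / block_len * block_len;
    }
    return TLS_RECORD_HEADER + body;
}

/* Bytes written to the socket for one SSL_write() of data_len bytes.
 * empty_fragment != 0 models the extra zero-length record that is sent
 * before each data record when a CBC cipher is in use (assumption: the
 * countermeasure is enabled). */
size_t wire_len(size_t data_len, size_t mac_len, size_t block_len,
                int empty_fragment)
{
    size_t total = record_len(data_len, mac_len, block_len);
    if (empty_fragment && block_len > 0)
        total += record_len(0, mac_len, block_len);
    return total;
}

int main(void)
{
    /* Constructed sample set: three suites with a 20-byte SHA-1 MAC. */
    static const struct { const char *name; size_t mac, block; } suites[] = {
        { "RC4-SHA",      20, 0  },
        { "DES-CBC3-SHA", 20, 8  },
        { "AES128-SHA",   20, 16 },
    };
    static const size_t payloads[] = { 30, 64 }; /* sizes from the thread */

    for (size_t p = 0; p < 2; p++)
        for (size_t s = 0; s < 3; s++)
            printf("%2zu bytes, %-12s: %3zu on the wire (%3zu without empty fragment)\n",
                   payloads[p], suites[s].name,
                   wire_len(payloads[p], suites[s].mac, suites[s].block, 1),
                   wire_len(payloads[p], suites[s].mac, suites[s].block, 0));
    return 0;
}
```

The figures cover record framing only; TCP and IP headers are not included.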