On Mon, Jun 26, 2006 at 02:04:47PM +0100, Darryl Miles wrote: > Bodo Moeller wrote:
>> On Mon, Jun 26, 2006 at 12:35:57PM +0100, Darryl Miles wrote: >> Yes. During the first call to SSL_write(), OpenSSL may take as many >> bytes as fit into one TLS record, and encrypt this for transport. >> Then SSL_write() may fail with WANT_WRITE or WANT_READ both before and >> after this first record has been written, until finally all the data >> has been broken up into records and all these records have been sent. > Checky extra question: Out of interest what are the overheads for TLS > headers and block padding for bulk application data, is there an optimal > SSL_write() size that would align all of these factors in the encoded > output: > > * TLS header/protocol overhead > * Cipher blocks and chaining modes (picking the most commonly used) > * Blocking mode padding overhead > * Ethernet 1500 MTUs > > I presume the minimum is 1 byte, to be send and flushed at the receiver. > > But maximum block size I read somewhere maybe around 16Kb ? > > So if we were looking in the 1500 to 6000 byte region for a nicely > aligned SSL_write() size, what are the magic numbers ? If you want to minimize overhead, you should use records of maximum length, which is 2^14 plaintext bytes (with a slightly longer ciphertext). > The only thing that matters relates to data contents and length: > > * that once data has been FIRST introduced with SSL_write(), even if > that returned -1, I'm not allowed to alter the contents or reduce the > length within that I've already presented before. > > I presume I am allowed to increase the amount of data in a subsequent > SSL_write() call, or does that break TLS block length previously setup ? OpenSSL won't complain if you increase the length on subsequent SSL_write() calls. Bodo ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
