Hello,

> write(1, "Connection realized\r\n", 21) = 21
> select(5, [4], NULL, NULL, NULL
> -------------------------------------------------------------------------
> I send a frame of 10 bytes
> -------------------------------------------------------------------------
> read(4, "\27\3\0\0 ", 5) = 5
> read(4, "\260\347\362\263\264Q\267\2\17\303&\1\222\37A\367~d\203"..., 32) = 32
> read(4, "\27\3\0\0 ", 5) = 5
> read(4, "\177\376[\'\35\325[\242P\275F\313+b\233\261w\341Iu\336"..., 32) = 32
> select(5, [4], NULL, NULL, NULL

These two SSL records do not mean that the first 5 bytes of data are sent in the first record and the next 5 bytes in the second. OpenSSL sends an empty SSL record before every SSL record with real data. So the first record may be a so-called "empty fragment" and the second record has the real 10 bytes of data. For example, if the negotiated cipher is AES-MD5 then the empty record will have 32 bytes (0 (data) + 16 (md5sum) + 16 (padding)) and the second record with data will have 32 bytes of data too (10 (data) + 16 (md5sum) + 6 (padding)) (of course, using sha1 does not change the final size either).

Empty records guard against some CBC attacks, and this mechanism may be disabled by using the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS flag (not all implementations of SSL like empty fragments :-)

Best regards,
-- 
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
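
The record arithmetic from the reply above, as an added Python example that is not part of the original message or of OpenSSL. It decodes the 5-byte header shown in the strace output and computes CBC record sizes, assuming a 16-byte AES block, minimal padding and no explicit IV (the header carries version 3.0); the function names are this example's own.

```python
import struct

# Header bytes exactly as strace printed them (octal escapes): "\27\3\0\0 "
STRACE_HEADER = b"\27\3\0\0 "

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}


def parse_record_header(hdr):
    """Decode the 5-byte SSL/TLS record header: type, version, length."""
    if len(hdr) != 5:
        raise ValueError("record header is exactly 5 bytes")
    ctype, major, minor, length = struct.unpack("!BBBH", hdr)
    return CONTENT_TYPES.get(ctype, "unknown"), (major, minor), length


def cbc_record_length(data_len, mac_len, block_len=16):
    """Encrypted fragment length for data + MAC + minimal padding.

    Assumption: minimal padding. The padding count includes the
    pad-length byte, so it is always between 1 and block_len.
    """
    unpadded = data_len + mac_len
    return unpadded + (block_len - unpadded % block_len)


def plaintext_range(record_len, mac_len, block_len=16):
    """Smallest and largest plaintext length that fits an observed record."""
    if record_len % block_len or record_len < block_len:
        raise ValueError("not a whole number of cipher blocks")
    highest = record_len - 1 - mac_len      # 1 byte of padding
    if highest < 0:
        raise ValueError("record too short to hold the MAC")
    lowest = max(0, record_len - block_len - mac_len)  # block_len bytes of padding
    return lowest, highest


if __name__ == "__main__":
    print("header:", parse_record_header(STRACE_HEADER))
    for name, mac_len in (("MD5", 16), ("SHA1", 20)):
        print(name,
              "empty fragment:", cbc_record_length(0, mac_len),
              "10 data bytes:", cbc_record_length(10, mac_len),
              "plaintext that fits 32:", plaintext_range(32, mac_len))
```

Both the empty fragment and the 10-byte record come out at 32 bytes, and a 32-byte record fits any plaintext length in the printed range, so record lengths alone do not show how the application data was split.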