> Here there are two Wireshark Captures. I hope they are correct. Steven was right, it's not ServerHello, but CertificateRequest that is responsible for excessive fragment size. Your server sends 276 distinguished names in CertificateRequest summing up to more than 32KB. As already mentioned I'm inclined to dismiss the problem as non-OpenSSL, because the other side in not compliant with specification. And there is a way to minimize CertificateRequest on server side.
______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
