Which downstream BIO do you use? (SSL_set_bio)

Try to set ssl->d1->mtu directly, and override the downstream BIO's ctrl function:

    BIO_CTRL_DGRAM_QUERY_MTU - return the starting MTU
    BIO_CTRL_DGRAM_GET_FALLBACK_MTU - return some value smaller than the current MTU.

________________________________
From: owner-openssl-...@openssl.org [owner-openssl-...@openssl.org] on behalf of T@Run..............! Polisetty [tarunpolise...@gmail.com]
Sent: Friday, October 31, 2014 13:01
To: openssl-dev@openssl.org
Subject: Fwd: Query Regarding defining MTU for DTLS Packet

Hi All,

I am trying to limit the packet size for DTLS messages. By using ssl_set_mtu() I am able to define max size for particular record. But in the above Handshake OpenSSL combines multiple records and sends out in a single UDP Packet. Is there a way we can configure OpenSSL such that it splits out each record into a separate UDP Packet in case combination of DTLS record exceeds a given MTU?

Sample DTLS Handshake:

    Client                                               Server

    ClientHello + use_srtp       -------->
                                         ServerHello + use_srtp
                                                   Certificate*
                                             ServerKeyExchange*
                                            CertificateRequest*
                                 <--------      ServerHelloDone
    Certificate*
    ClientKeyExchange
    CertificateVerify*
    [ChangeCipherSpec]
    Finished                     -------->
                                             [ChangeCipherSpec]
                                 <--------             Finished
    SRTP packets                 <------->         SRTP packets

Example: Suppose my MTU is 1500 bytes

Current Behavior

                 ServerHello + use_srtp(100 bytes)
                 Certificate*(1400 bytes)
                 ServerKeyExchange*(50 bytes)
                 CertificateRequest*(50 bytes)
    <--------    ServerHelloDone(50 bytes)

Expected Behavior

                 ServerHello + use_srtp(100 bytes)
                 Certificate*(1400 bytes)
    <--------    (Since we reached MTU OpenSSL must split records into 2 UDP packets)
                 ServerKeyExchange*(50 bytes)
                 CertificateRequest*(50 bytes)
    <--------    ServerHelloDone(50 bytes)

Thanks
Satya
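
The "Expected Behavior" grouping above can be worked through in code. The following is an added example, not part of the thread and not OpenSSL code: it walks the 13-byte DTLS record headers (RFC 6347) in a coalesced buffer and groups whole records into datagrams no larger than the MTU. The function names `split_at_records`, `put_record` and `demo` are hypothetical, and the byte counts from the message are assumed to be full record sizes including the header.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DTLS_HDR_LEN 13 /* type(1) version(2) epoch(2) seq(6) length(2) */

/* Group the DTLS records coalesced in buf[0..len) into datagrams of at most
 * mtu bytes without cutting a record; out[i] gets the size of datagram i.
 * Returns the datagram count, or -1 for a truncated record, a record larger
 * than mtu (needs handshake-level fragmentation) or more than max_out. */
int split_at_records(const uint8_t *buf, size_t len, size_t mtu,
                     size_t *out, int max_out)
{
    size_t off = 0, cur = 0;
    int n = 0;
    while (off < len) {
        if (len - off < DTLS_HDR_LEN) return -1;
        size_t rec = DTLS_HDR_LEN +
                     (((size_t)buf[off + 11] << 8) | buf[off + 12]);
        if (rec > len - off || rec > mtu) return -1;
        if (cur + rec > mtu) {      /* next record will not fit: close datagram */
            if (n == max_out) return -1;
            out[n++] = cur;
            cur = 0;
        }
        cur += rec;
        off += rec;
    }
    if (cur > 0) {
        if (n == max_out) return -1;
        out[n++] = cur;
    }
    return n;
}

/* Constructed sample data: append one handshake record (type 22, DTLS 1.0
 * version bytes 0xfe 0xff) of `total` bytes at buf+off; returns new offset. */
size_t put_record(uint8_t *buf, size_t off, size_t total)
{
    size_t body = total - DTLS_HDR_LEN;
    memset(buf + off, 0, total);
    buf[off] = 22; buf[off + 1] = 0xfe; buf[off + 2] = 0xff;
    buf[off + 11] = (uint8_t)(body >> 8);
    buf[off + 12] = (uint8_t)(body & 0xff);
    return off + total;
}

/* Constructed server flight using the sizes quoted in the message. */
int demo(size_t mtu, size_t *out, int max_out)
{
    static const size_t sizes[] = {100, 1400, 50, 50, 50};
    uint8_t buf[2048];
    size_t off = 0;
    for (size_t i = 0; i < 5; i++) off = put_record(buf, off, sizes[i]);
    return split_at_records(buf, off, mtu, out, max_out);
}
```

With an MTU of 1500 the flight groups into a 1500-byte datagram followed by a 150-byte one; an MTU below 1400 returns -1 because the Certificate record alone no longer fits.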