Which downstream BIO do you use? (SSL_set_bio)
Try to set ssl->d1->mtu directly, and override the downstream BIO's ctrl 
function:
BIO_CTRL_DGRAM_QUERY_MTU - return the starting MTU
BIO_CTRL_DGRAM_GET_FALLBACK_MTU - return some value smaller than the current 
MTU.

________________________________
From: owner-openssl-...@openssl.org [owner-openssl-...@openssl.org] on behalf 
of T@Run..............! Polisetty [tarunpolise...@gmail.com]
Sent: Friday, October 31, 2014 13:01
To: openssl-dev@openssl.org
Subject: Fwd: Query Regarding defining MTU for DTLS Packet


Hi All,

I am trying to limit the packet size for DTLS messages. By using ssl_set_mtu() 
I am able to define the max size for a particular record.

But in the above Handshake OPENSSL combines multiple records and sends out in a 
single UDP Packet. Is there a way we can configure OPENSSL such that it splits 
out each record into a separate UDP Packet in case combination of DTLS record 
exceeds a given MTU?



Sample DTLS Handshake:


         Client                                               Server


         ClientHello + use_srtp       -------->
                                              ServerHello + use_srtp
                                                        Certificate*
                                                  ServerKeyExchange*
                                                 CertificateRequest*
                                      <--------      ServerHelloDone
         Certificate*
         ClientKeyExchange
         CertificateVerify*
         [ChangeCipherSpec]
         Finished                     -------->
                                                  [ChangeCipherSpec]
                                      <--------             Finished
         SRTP packets                 <------->      SRTP packets



Example:  Suppose my MTU is 1500 bytes


Current Behavior

                                             ServerHello + use_srtp(100 bytes)
                                                        Certificate*(1400 bytes)
                                                  ServerKeyExchange*(50 bytes)
                                                 CertificateRequest*(50 bytes)
                                      <--------      ServerHelloDone(50 bytes)




Expected Behavior


                                             ServerHello + use_srtp(100 bytes)
                                                        Certificate*(1400 bytes)

                                      <-------- (Since we reached MTU OPENSSL must split records into 2 UDP packets)

                                                  ServerKeyExchange*(50 bytes)

                                                 CertificateRequest*(50 bytes)
                                      <--------      ServerHelloDone(50 bytes)



Thanks
Satya
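
The "Expected Behavior" in the question, modelled as an added example (it is not OpenSSL code and not from either poster): a greedy packer that puts whole records into datagrams without exceeding a size limit. The record sizes are the ones in the post; the function and array names are hypothetical, and treating 1500 as the per-datagram limit follows the post's arithmetic, whereas on a real link the IP and UDP headers reduce the usable payload.

```c
#include <stddef.h>
#include <stdio.h>

/* Greedily pack whole records into datagrams of at most `limit` bytes.
 * A record is never split across two datagrams. The total size of each
 * datagram is written to out[]; the return value is the datagram count,
 * or -1 if a single record is larger than `limit` (it would have to be
 * fragmented at the handshake layer, which this model does not do) or
 * if out[] is too small. */
int pack_records(const size_t *rec, size_t nrec, size_t limit,
                 size_t *out, size_t outcap)
{
    size_t used = 0;   /* bytes already placed in the current datagram */
    size_t count = 0;  /* datagrams completed so far */

    for (size_t i = 0; i < nrec; i++) {
        if (rec[i] > limit)
            return -1;                 /* cannot fit even when alone */
        if (rec[i] > limit - used) {   /* would overflow: flush first */
            if (count >= outcap)
                return -1;
            out[count++] = used;
            used = 0;
        }
        used += rec[i];
    }
    if (used > 0) {                    /* flush the final datagram */
        if (count >= outcap)
            return -1;
        out[count++] = used;
    }
    return (int)count;
}

/* Record sizes of the server flight, taken from the post. */
static const size_t server_flight[] = { 100, 1400, 50, 50, 50 };

int main(void)
{
    size_t dgram[8];
    int n = pack_records(server_flight, 5, 1500, dgram, 8);

    for (int i = 0; i < n; i++)
        printf("datagram %d: %zu bytes\n", i + 1, dgram[i]);
    return n < 0;
}
```

With a limit of 1472 instead (1500 minus 28 bytes of IPv4 and UDP headers, an assumption not in the post), the same flight needs three datagrams.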


