Hai All, We are Using Memory BIO. We will Try this out and get back to you.
Regards Satya On Fri, Oct 31, 2014 at 4:48 PM, Yair Elharrar <yair.elhar...@audiocodes.com > wrote: > Which downstream BIO do you use? (SSL_set_bio) > Try to set ssl->d1->mtu directly, and override the downstream BIO's ctrl > function: > BIO_CTRL_DGRAM_QUERY_MTU - return the starting MTU > BIO_CTRL_DGRAM_GET_FALLBACK_MTU - return some value smaller than the > current MTU. > > ------------------------------ > *From:* owner-openssl-...@openssl.org [owner-openssl-...@openssl.org] on > behalf of T@Run..............! Polisetty [tarunpolise...@gmail.com] > *Sent:* Friday, October 31, 2014 13:01 > *To:* openssl-dev@openssl.org > *Subject:* Fwd: Query Regarding defining MTU for DTLS Packet > > > Hi All, > > I am Trying to limit the packet size for DTLS messages. By > using ssl_set_mtu() I am able to define max size for particular record. > > > But in the above Handshake OPENSSL combines multiple records and sends out in > a single UDP Packet.Is there a way we can configure > > OPENSSL such that it splits out each record into a separate UDP Packet in > case combination of DTLS record exceeds a given MTU? > > > > *Sample DTLS Handshake: * > > > Client Server > > > ClientHello + use_srtp --------> > ServerHello + use_srtp > Certificate* > ServerKeyExchange* > CertificateRequest* > <-------- ServerHelloDone > Certificate* > ClientKeyExchange > CertificateVerify* > [ChangeCipherSpec] > Finished --------> > [ChangeCipherSpec] > <-------- Finished > SRTP packets <-------> SRTP packets > > *Example*: Suppose my MTU is 1500 bytes > > > *Current **Behavior* > > ServerHello + use_srtp(100 > bytes) > Certificate*(1400 > bytes) > ServerKeyExchange*(50 bytes) > CertificateRequest*(50 bytes) > <-------- ServerHelloDone(50 bytes) > > > > > *Expected **Behavior* > > > ServerHello + use_srtp(100 bytes) > Certificate*(1400 > bytes) > > <-------- (Since we reached MTU OPENSSL > must split records into 2 UDP packets) > > ServerKeyExchange*(50 bytes) > > CertificateRequest*(50 bytes) > <-------- ServerHelloDone(50 bytes) > > > > Thanks > Satya > > > > ------------------------------ > > This email and any files transmitted with it are confidential material. > They are intended solely for the use of the designated individual or entity > to whom they are addressed. If the reader of this message is not the > intended recipient, you are hereby notified that any dissemination, use, > distribution or copying of this communication is strictly prohibited and > may be unlawful. > > If you have received this email in error please immediately notify the > sender and delete or destroy any copy of this message >
