Re: [openssl-users] TLS Heartbeat

2016-12-10 Thread Jeffrey Walton
On Sat, Dec 10, 2016 at 9:25 PM, Rasool, Kaja Mohideen (Nokia - IN)
 wrote:
> Ok, maybe, TCP is doing it. Is there any other API using which I can specify
> the payload length & number of bytes for padding to send a TLS Heartbeat
> request? Then, I can use that API to send out a big enough heartbeat request
> so my server recognizes & responds to it.

Maybe related, see
https://www.igvita.com/2013/12/16/optimizing-nginx-tls-time-to-first-byte/.
It shows how to measure and adjust for some throughput improvements.
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


Re: [openssl-users] TLS Heartbeat

2016-12-10 Thread Kyle Hamilton
disable O_NAGLE on the socket?

-Kyle H

On Sat, Dec 10, 2016 at 8:04 AM, Salz, Rich  wrote:

> Heartbeats?  Yuk, why.
>
> Most likely, TCP is buffering things until you get a big enough data
> packet. I don’t know how to address that.


Re: [openssl-users] TLS Heartbeat

2016-12-10 Thread Rasool, Kaja Mohideen (Nokia - IN)
Ok, maybe, TCP is doing it. Is there any other API using which I can specify
the payload length & number of bytes for padding to send a TLS Heartbeat
request? Then, I can use that API to send out a big enough heartbeat request so
my server recognizes & responds to it.

// Kaja

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Salz, Rich
Sent: Saturday, December 10, 2016 9:35 PM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] TLS Heartbeat

Heartbeats?  Yuk, why.

Most likely, TCP is buffering things until you get a big enough data packet.   
I don't know how to address that.


Re: [openssl-users] TLS Heartbeat

2016-12-10 Thread Salz, Rich
Heartbeats?  Yuk, why.

Most likely, TCP is buffering things until you get a big enough data packet.   
I don’t know how to address that.


[openssl-users] TLS Heartbeat

2016-12-10 Thread Rasool, Kaja Mohideen (Nokia - IN)
Hi,

I'm trying to develop a server (Java - Netty NIO Library + OpenSSL) / client (C 
+ OpenSSL) applications.

A. I started off writing my server using Netty+OpenSSL and used some Python
scripts available on the web (https://gist.github.com/takeshixx/10107280) to test
whether TLS Heartbeat with OpenSSL is fine. Strangely I found that OpenSSL
responds to heartbeat only if the length of TLSPlainText.length is greater than
4096. This I have observed from testing, yet to see the OpenSSL code which
imposes this limitation.

B. Then I started to write my client that uses SSL_heartbeat macro - but I 
didn't find any way to mention how much payload/padding to be used in the 
heartbeat message.

I need clarity on:

1. Whether the limitation observed in (A) above is correct? If so, is
there any way to change it?

2. How to provide inputs like payload/padding to be used to work around
the limitation (A)?

Many thanks in advance,

With regards,
R Kaja Mohideen
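
For reference on the payload and padding fields asked about in this thread, here is the RFC 6520 HeartbeatMessage layout with the receiver-side length check, as an added example that is not from the thread and is not OpenSSL's code. The names `hb_build` and `hb_parse` are hypothetical, and the padding is zero-filled only to keep the demo deterministic.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST     1      /* heartbeat_request  (RFC 6520) */
#define HB_RESPONSE    2      /* heartbeat_response (RFC 6520) */
#define HB_MIN_PADDING 16     /* padding must be at least 16 bytes */
#define HB_MAX_MESSAGE 16384  /* 2^14 when no smaller fragment limit is negotiated */

/* Hypothetical helper: serialise type | payload_length | payload | padding.
 * Returns the message length, or 0 if the sizes break the RFC limits. */
size_t hb_build(uint8_t type, const uint8_t *payload, size_t payload_len,
                size_t padding_len, uint8_t *out, size_t out_cap)
{
    if (padding_len < HB_MIN_PADDING || payload_len > 0xFFFF) return 0;
    size_t total = 3 + payload_len + padding_len;
    if (total > HB_MAX_MESSAGE || total > out_cap) return 0;
    out[0] = type;
    out[1] = (uint8_t)(payload_len >> 8);   /* big-endian uint16 */
    out[2] = (uint8_t)(payload_len & 0xFF);
    if (payload_len) memcpy(out + 3, payload, payload_len);
    memset(out + 3 + payload_len, 0, padding_len); /* demo only: RFC asks for random padding */
    return total;
}

/* Hypothetical helper: receiver-side check. Returns 0 and sets the outputs,
 * or -1 when the message should be dropped without a response. */
int hb_parse(const uint8_t *msg, size_t msg_len, uint8_t *type,
             const uint8_t **payload, size_t *payload_len)
{
    if (msg_len < 3 + HB_MIN_PADDING || msg_len > HB_MAX_MESSAGE) return -1;
    if (msg[0] != HB_REQUEST && msg[0] != HB_RESPONSE) return -1;
    size_t claimed = ((size_t)msg[1] << 8) | msg[2];
    /* The claimed payload plus minimum padding must fit in what arrived. */
    if (claimed > msg_len - 3 - HB_MIN_PADDING) return -1;
    *type = msg[0];
    *payload = msg + 3;
    *payload_len = claimed;
    return 0;
}

int main(void)
{
    uint8_t buf[64], type;
    const uint8_t *p;
    size_t plen;
    size_t n = hb_build(HB_REQUEST, (const uint8_t *)"ping", 4, 16, buf, sizeof buf); /* constructed sample */
    printf("built %zu bytes, parse=%d\n", n, hb_parse(buf, n, &type, &p, &plen));
    return 0;
}
```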
