Re: [openssl-users] TLS Heartbeat
On Sat, Dec 10, 2016 at 9:25 PM, Rasool, Kaja Mohideen (Nokia - IN)wrote: > Ok, maybe, TCP is doing it. Is there any other API using which I can specify > the payload length & number of bytes for padding to send a TLS Heartbeat > request? Then, I can use that API to send out a big enough heartbeat request > so my server recognize & responds to it. Maybe related, see https://www.igvita.com/2013/12/16/optimizing-nginx-tls-time-to-first-byte/. It shows how to measure and adjust for some throughput improvements. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] TLS Heartbeat
disable O_NAGLE on the socket? -Kyle H On Sat, Dec 10, 2016 at 8:04 AM, Salz, Richwrote: > Heartbeats? Yuk, why. > > > > Most likely, TCP is buffering things until you get a big enough data > packet. I don’t know how to address that. > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] TLS Heartbeat
Ok, maybe, TCP is doing it. Is there any other API using which I can specify the payload length & number of bytes for padding to send a TLS Heartbeat request? Then, I can use that API to send out a big enough heartbeat request so my server recognize & responds to it. // Kaja From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Salz, Rich Sent: Saturday, December 10, 2016 9:35 PM To: openssl-users@openssl.org Subject: Re: [openssl-users] TLS Heartbeat Heartbeats? Yuk, why. Most likely, TCP is buffering things until you get a big enough data packet. I don't know how to address that. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] TLS Heartbeat
Heartbeats? Yuk, why. Most likely, TCP is buffering things until you get a big enough data packet. I don’t know how to address that. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] TLS Heartbeat
Hi, I'm trying to develop a server (Java - Netty NIO Library + OpenSSL) / client (C + OpenSSL) applications. A. I started off writing my server using Netty+OpenSSL and used some python scripts available in web (https://gist.github.com/takeshixx/10107280) to test whether TLS Heartbeat with OpenSSL is fine. Strangely I found that OpenSSL responds to heartbeat only if the length of TLSPlainText.length is greater than 4096. This I have observed from testing, yet to see the OpenSSL code which imposes this limitation. B. Then I started to write my client that uses SSL_heartbeat macro - but I didn't find any way to mention how much payload/padding to be used in the heartbeat message. I need clarity on 1. Whether the limitation observed in (A) above is correct? If so, is there any way to change it. 2. How to provide inputs like payload/padding to be used to work-around the limitation (A) ? Many thanks in advance, With regards, R Kaja Mohideen -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users