Hi All,

I am trying to limit the packet size for DTLS messages. By
using ssl_set_mtu() I am able to define the max size for a particular record.
But in the above handshake OpenSSL combines multiple records and sends
them out in a single UDP packet. Is there a way we can configure
OpenSSL such that it splits out each record into a separate UDP packet
in case the combination of DTLS records exceeds a given MTU?

*Sample DTLS Handshake:*

    Client                                     Server

    ClientHello + use_srtp    -------->
                                               ServerHello + use_srtp
                                               Certificate*
                                               ServerKeyExchange*
                                               CertificateRequest*
                              <--------        ServerHelloDone
    Certificate*
    ClientKeyExchange
    CertificateVerify*
    [ChangeCipherSpec]
    Finished                  -------->
                                               [ChangeCipherSpec]
                              <--------        Finished
    SRTP packets              <------->        SRTP packets

*Example*: Suppose my MTU is 1500 bytes.

*Current Behavior*

                  ServerHello + use_srtp (100 bytes)
                  Certificate* (1400 bytes)
                  ServerKeyExchange* (50 bytes)
                  CertificateRequest* (50 bytes)
    <--------     ServerHelloDone (50 bytes)

*Expected Behavior*

                  ServerHello + use_srtp (100 bytes)
                  Certificate* (1400 bytes)
    <--------     (Since we reached MTU, OpenSSL must split records into 2 UDP packets)
                  ServerKeyExchange* (50 bytes)
                  CertificateRequest* (50 bytes)
    <--------     ServerHelloDone (50 bytes)

Thanks
Satya
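
The packing the post describes as expected, modelled as an added example (not part of the original message and not OpenSSL code): records are placed in order into datagrams so that no UDP payload exceeds the MTU. The name `pack_records`, the error codes, and the reading of the MTU as the UDP payload budget are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical error codes for this sketch. */
#define PACK_ERR_TOO_BIG (-1) /* one record alone is larger than the MTU */
#define PACK_ERR_NO_ROOM (-2) /* out[] cannot hold all datagram sizes    */

/* Place DTLS records, in order, into UDP datagrams so that no datagram
 * payload exceeds mtu. rec_len[i] is the full on-the-wire size of record i.
 * Assumption: mtu is the budget for the UDP payload, as in the post's numbers.
 * Writes each datagram's payload size to out[] and returns the number of
 * datagrams, or a negative error code. */
int pack_records(const size_t *rec_len, size_t nrec, size_t mtu,
                 size_t *out, size_t out_cap)
{
    size_t used = 0;   /* bytes already queued in the current datagram */
    size_t ndgram = 0; /* datagrams completed so far */

    for (size_t i = 0; i < nrec; i++) {
        /* A record that cannot fit in any datagram cannot be packed;
         * the handshake message inside it would have to be fragmented. */
        if (rec_len[i] > mtu)
            return PACK_ERR_TOO_BIG;
        /* Next record does not fit: close the current datagram first. */
        if (used > 0 && rec_len[i] > mtu - used) {
            if (ndgram == out_cap)
                return PACK_ERR_NO_ROOM;
            out[ndgram++] = used;
            used = 0;
        }
        used += rec_len[i];
    }
    if (used > 0) { /* close the last, partially filled datagram */
        if (ndgram == out_cap)
            return PACK_ERR_NO_ROOM;
        out[ndgram++] = used;
    }
    return (int)ndgram;
}

int main(void)
{
    /* Record sizes taken from the post's example flight. */
    size_t flight[] = {100, 1400, 50, 50, 50};
    size_t out[5];
    int n = pack_records(flight, 5, 1500, out, 5);
    for (int i = 0; i < n; i++)
        printf("datagram %d: %zu bytes\n", i + 1, out[i]);
    return n < 0;
}
```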