On Wed, 2016-10-05 at 21:29 +0100, Matt Caswell wrote: > Hmmmm....well its not constant even by cipher. It depends on the > transport (IPv6 has a bigger overhead than IPv4).
That is included in d1->link_mtu (DTLS_set_link_mtu()) but is not included in d1->mtu (SSL_set_mtu()). Even when we let DTLS autodetect by using BIO_CTRL_DGRAM_QUERY_MTU, it gets a value without the (assumed) IP/UDP overhead, which goes straight into d1->mtu. The "link MTU" thing is purely a special case for application convenience. AFAICT we only *ever* use it by subtracting the BIO_CTRL_DGRAM_GET_MTU_OVERHEAD value (which again assumes UDP not SCTP) and then dealing with d1->mtu thereafter. So let's forget all about the "link MTU" and the IP/UDP overhead for now. They are an orthogonal issue. > So why not: > > DTLS_get_data_mtu(SSL *s) Yeah. OK. And I don't think we need a DTLS_set_data_mtu(). If the application knows the largest data payload it'll ever send... who cares about telling OpenSSL the MTU? Just call SSL_set_mtu(s, 65536) and then send what you like. > I've not thought about it in great detail, but it looks ok at first > glance. Thanks. I'll use that as a basis for DTLS_get_data_mtu() then. -- dwmw2
smime.p7s
Description: S/MIME cryptographic signature
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev