I'm using OpenSSL 0.9.8. In ssl/ssl3.h, SSL3_RT_MAX_PLAIN_LENGTH is defined as 16384, and SSL3_RT_MAX_PACKET_SIZE is defined as that value plus some overhead. In ssl/s3_both.c, the function ssl3_setup_buffers() allocates a read buffer and a write buffer based on this value. The two buffers total about 36K bytes of memory. My application needs to support a large number (thousands) of connections, so this memory requirement is huge. And my application doesn't need to send 16K messages; 4K would be more than enough.
So I changed the value of SSL3_RT_MAX_PLAIN_LENGTH to 4096 and rebuilt one end of my application. As expected, it can exchange messages of 4095 bytes or less. But when I try to send a message of greater than 4096 bytes, I get this error:

    1408f092: error:1408F092:SSL routines:SSL3_GET_RECORD:data length too long (s3_pkt.c:450)

I know that the SSL/TLS record size is 16384 bytes. I am surprised to discover that the SSL/TLS handshake does not exchange record length values so that applications can negotiate smaller values to save memory. Particularly since buffers longer than 16384 bytes are handled just fine, in 16384-byte chunks.

So I guess my question is: how can I reduce the per-connection memory requirements?
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
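The mismatch described in the post, as an added example that is not part of the original message and is not OpenSSL's own code: a simplified C model in which each endpoint fragments outgoing data and bounds incoming records with its own compiled-in limit. The function names (fragment, first_rejected, deliver) and the message sizes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model, not OpenSSL source. Assumption: each endpoint uses one
 * compiled-in plaintext limit both to fragment outgoing data and to bound
 * incoming records, and the peer is never told what that limit is. */
#define STOCK_MAX_PLAIN   16384 /* SSL3_RT_MAX_PLAIN_LENGTH as shipped */
#define PATCHED_MAX_PLAIN 4096  /* value used in the post */

/* Split msg_len bytes into record payload sizes using the sender's limit.
 * Returns the number of records written to out (at most out_cap). */
size_t fragment(size_t msg_len, size_t sender_max, size_t *out, size_t out_cap)
{
    size_t n = 0;
    while (msg_len > 0 && n < out_cap) {
        size_t chunk = msg_len < sender_max ? msg_len : sender_max;
        out[n++] = chunk;
        msg_len -= chunk;
    }
    return n;
}

/* Receiver side: index of the first record whose plaintext exceeds the
 * receiver's limit (the "data length too long" case), or -1 if none. */
int first_rejected(const size_t *recs, size_t n, size_t receiver_max)
{
    for (size_t i = 0; i < n; i++)
        if (recs[i] > receiver_max)
            return (int)i;
    return -1;
}

/* Send msg_len bytes from a sender to a receiver with the given limits. */
int deliver(size_t msg_len, size_t sender_max, size_t receiver_max)
{
    size_t recs[64];
    size_t n = fragment(msg_len, sender_max, recs, 64);
    return first_rejected(recs, n, receiver_max);
}

int main(void)
{
    /* Constructed message sizes; -1 means every record was accepted. */
    printf("stock->patched 4000: %d\n", deliver(4000, STOCK_MAX_PLAIN, PATCHED_MAX_PLAIN));
    printf("stock->patched 5000: %d\n", deliver(5000, STOCK_MAX_PLAIN, PATCHED_MAX_PLAIN));
    printf("patched->stock 5000: %d\n", deliver(5000, PATCHED_MAX_PLAIN, STOCK_MAX_PLAIN));
    printf("stock->stock 40000:  %d\n", deliver(40000, STOCK_MAX_PLAIN, STOCK_MAX_PLAIN));
    return 0;
}
```

Only the stock-to-patched direction with a message above 4096 bytes is rejected; the patched sender's own records always fit a stock receiver.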