Hello,

> >> * TLS header/protocol overhead
> >> * Cipher blocks and chaining modes (picking the most commonly used)
> >> * Blocking mode padding overhead
> >> * Ethernet 1500 MTUs
> >>
> >> I presume the minimum is 1 byte, to be sent and flushed at the receiver.
> >>
> >> But maximum block size I read somewhere maybe around 16Kb ?
> >>
> >> So if we were looking in the 1500 to 6000 byte region for a nicely
> >> aligned SSL_write() size, what are the magic numbers ?
> >
> > If you want to minimize overhead, you should use records of maximum
> > length, which is 2^14 plaintext bytes (with a slightly longer
> > ciphertext).
>
> I was thinking in terms of the possibility of optimizing for network
> layer (than just raw encoded data length, necessary to encode the payload).
>
>
> For example, if:
>
> * TLS overhead is: 5 bytes
> * Cipher blocks + chaining alignment is 512bits / 64 bytes. Some
> ciphers align at less (down to 8 bytes) which makes it easier to find
> magic number for them.
> * Blocking mode padding at 64 byte multiples of payload size is: 0 bytes
> * Ethernet MTU is: 1500 bytes
>
> So magic numbers around the range 1500 to 6000 byte region would be:
>
> 1472 bytes payload (1472 divides by 64 with no remainder, and block
> padding overhead for that length is 0) + 5 TLS header = 1472 bytes.

Cipher block padding cannot be 0; if the remainder is 0, one block of
padding is added (for example with 8 byte block - block filled with 8
is added).
Next hint - you must add to this calculation MAC digest size
(20 for SHA) per SSL record.
For example, if you have 8 data bytes to send:
8(data) + 20(MAC) + 8(padding) = 36
and 5 bytes for SSL3/TLS record header = 41.

Best regards,
-- 
Marek Marcola <[EMAIL PROTECTED]>
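
The record-size arithmetic discussed in this thread, as an added example (not part of the original messages and not OpenSSL code). It assumes the SSL3/TLS 1.0 CBC record layout from RFC 2246 with minimal padding and no explicit IV, where padding is computed over data plus MAC; the function names and the 1460-byte budget (1500 MTU minus 20-byte IP and TCP headers without options) are assumptions.

```c
#include <stddef.h>
#include <stdio.h>

#define TLS_HDR       5      /* type(1) + version(2) + length(2) */
#define TLS_MAX_PLAIN 16384  /* 2^14 plaintext bytes per record */

/* Wire size of one SSL3/TLS 1.0 CBC record: header + data + MAC + padding.
 * Padding is at least 1 byte (the padding_length byte), so an already
 * aligned data+MAC gains one whole extra block. */
size_t record_size(size_t data, size_t mac, size_t block)
{
    size_t body = data + mac + 1;
    body = (body + block - 1) / block * block;   /* round up to block */
    return TLS_HDR + body;
}

/* Largest plaintext whose single record fits in `budget` wire bytes
 * (0 if no payload fits). */
size_t max_payload(size_t budget, size_t mac, size_t block)
{
    if (budget < TLS_HDR + block)
        return 0;
    size_t body = (budget - TLS_HDR) / block * block;
    if (body < mac + 1)
        return 0;
    size_t data = body - mac - 1;
    return data > TLS_MAX_PLAIN ? TLS_MAX_PLAIN : data;
}

int main(void)
{
    /* Constructed inputs: SHA-1 MAC (20 bytes), 8- and 16-byte blocks,
     * 1460 = 1500 MTU - 20 IP - 20 TCP (assumed, no options). */
    size_t blocks[] = { 8, 16 };
    size_t sizes[] = { 8, 12, 1427, 1428, TLS_MAX_PLAIN };
    for (size_t b = 0; b < 2; b++) {
        printf("block=%zu: max payload in 1460 bytes = %zu\n",
               blocks[b], max_payload(1460, 20, blocks[b]));
        for (size_t i = 0; i < 5; i++)
            printf("  data=%5zu -> record=%5zu\n",
                   sizes[i], record_size(sizes[i], 20, blocks[b]));
    }
    return 0;
}
```

With an 8-byte block, 12 data bytes plus the 20-byte MAC are already aligned, so that case shows the full extra padding block being added.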