Sebastian Treu:

> > If you set ALLOW_MOVING_WRITE_BUFFER, the restriction is relaxed. The
> > only restriction that remains is that you must present a consistent data
> > stream. For example, if you try to SSL_write "foo" and two bytes are sent,
> > your next SSL_write *must* start with an "o".

> That was the key then. I used the one in the man page:
> 
> SSL_MODE_ENABLE_PARTIAL_WRITE

These do different things. You probably want both of them. They are both
necessary to get sensible non-blocking semantics. I cannot understand why
they are not the default for non-blocking SSL connections. (Though I bet
it's for bizarre historical reasons.)
 
> but this writes 16kb _always_. I didn't see that option in
> SSL_write() but I can see it in SSL_CTX_set_mode(). With this option
> set I don't get WANT_WRITE anymore when the client reads _partially_
> and this lets me _know_ more things to control the application flow.

It's not unusual to see one size that repeats. Likely you are sending
large amounts of data, so the kernel TCP send queue is typically full. And
your CPU is faster than the network, so as soon as there's room to fit one
SSL record, you're ready to write more than that. So you will most often see
SSL_write returning the number of bytes of application data that fit in one
SSL record.
 
> Thanks David for your time and the detailed answers about it. I
> promised not to bother the list anymore with SSL I/Os (*sic* at least
> I hope)

You're welcome.

DS



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
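
The bookkeeping this reply describes, as an added example that is not code from the thread or from the OpenSSL project: an output queue that resumes at the correct byte after a short write and may relocate unsent data between retries. `write_fn`, `outq_push`, `outq_flush` and the mock peer are hypothetical names; the assumption is that a real `write_fn` wraps `SSL_write()` on a connection with both `SSL_MODE_ENABLE_PARTIAL_WRITE` and `SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER` set and returns 0 on `SSL_ERROR_WANT_WRITE`.

```c
#include <stdio.h>
#include <string.h>
#define QCAP 256
/* Assumed wrapper contract: >0 = bytes accepted (may be short), 0 = would block. */
typedef int (*write_fn)(void *ctx, const unsigned char *buf, int len);
struct outq { unsigned char buf[QCAP]; int head, tail; }; /* unsent = [head, tail) */

/* Queue application data. Compacting moves unsent bytes to a new address,
 * which a retried write tolerates only in moving-write-buffer mode. */
int outq_push(struct outq *q, const void *data, int n) {
    if (n < 0) return -1;
    if (n > QCAP - q->tail) {                    /* no room at the end: compact */
        memmove(q->buf, q->buf + q->head, (size_t)(q->tail - q->head));
        q->tail -= q->head;
        q->head = 0;
    }
    if (n > QCAP - q->tail) return -1;           /* still full: caller must wait */
    memcpy(q->buf + q->tail, data, (size_t)n);
    q->tail += n;
    return 0;
}

/* Drain until the writer blocks. A short write of n bytes only advances head,
 * so the next call resumes at byte n of the stream. Returns bytes still queued. */
int outq_flush(struct outq *q, write_fn w, void *ctx) {
    while (q->head < q->tail) {
        int n = w(ctx, q->buf + q->head, q->tail - q->head);
        if (n <= 0) break;                       /* wait for writability, then retry */
        q->head += n;
    }
    if (q->head == q->tail) q->head = q->tail = 0;
    return q->tail - q->head;
}

/* Constructed mock peer: takes at most `record` bytes per call, blocks every third call. */
struct mock { unsigned char got[512]; int n, calls, record; };
int mock_write(void *ctx, const unsigned char *buf, int len) {
    struct mock *m = ctx;
    if (++m->calls % 3 == 0) return 0;
    if (len > m->record) len = m->record;
    memcpy(m->got + m->n, buf, (size_t)len);
    m->n += len;
    return len;
}
int main(void) {
    struct outq q = {{0}, 0, 0}; struct mock m = {{0}, 0, 0, 2};
    outq_push(&q, "foo", 3);                     /* "fo" goes first, then "o" */
    while (outq_flush(&q, mock_write, &m) > 0) { /* real code: poll for POLLOUT */ }
    printf("%.*s in %d calls\n", m.n, (const char *)m.got, m.calls);
    return 0;
}
```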
