Sorry, I made a mistake with question 3 due to my misunderstanding of
"plaintext". It is actually the same question as question 1.

Actually, I can control the TLS record size when calling SSL_write by
restricting the buffer size of each iteration. However, I couldn't control
the size in communication done by the OpenSSL lib when establishing the
connection. The size simply exceeds the expected limit (512 bytes) when a
whole certificate chain is transferred.

So far I haven't found any solution other than modifying the macro value.
However, for some reasons it's best to avoid modifying the source code.

Any help is appreciated.

Peter Lin

On Sat, Aug 28, 2010 at 11:52 AM, peterlingoal <peterling...@gmail.com> wrote:

> Hi everyone,
> I have three questions:
>    1. Is there any API to limit the TLS fragment length (record size) to a
>    smaller value than default (2^14)?
>    2. How to set TLS extension max_fragment_length as suggested in
>    RFC4366? From the source code of 0.9.8l and the mailing archive it seems
>    that this has not been implemented.
>    3. Is there any API to define the maximum allowed TLS plaintext
>    length in a TLS record? If not, will changing the
>    macro SSL3_RT_MAX_PLAIN_LENGTH value serve the purpose?
> Please comment. Thanks.
> regards,
> Peter Lin
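
A check for the behaviour described in the message above, added here as an example and not part of the original thread or of OpenSSL: it walks the TLS record headers in a captured byte stream and counts records longer than a limit, separating handshake records from the rest. The function names and the sample stream are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct scan_result { size_t records, over_limit, handshake_over, max_len; };

/* Walk the 5-byte record headers (type, version[2], length[2]) and count records
 * whose on-wire length exceeds limit. Returns -1 on a malformed stream. */
int scan_tls_records(const uint8_t *buf, size_t n, size_t limit,
                     struct scan_result *out) {
    size_t off = 0;
    memset(out, 0, sizeof *out);
    while (off < n) {
        if (n - off < 5) return -1;                     /* truncated header */
        uint8_t type = buf[off];
        size_t len = ((size_t)buf[off + 3] << 8) | buf[off + 4];
        if (type < 20 || type > 23 || buf[off + 1] != 3) return -1;
        if (len > n - off - 5) return -1;               /* truncated body */
        out->records++;
        if (len > out->max_len) out->max_len = len;
        out->over_limit += (len > limit);
        out->handshake_over += (len > limit && type == 22); /* 22 = handshake */
        off += 5 + len;
    }
    return 0;
}

/* Constructed sample data: write one record header, body stays zero. */
static size_t put_record(uint8_t *buf, size_t off, uint8_t type, size_t len) {
    uint8_t hdr[5] = { type, 3, 1, (uint8_t)(len >> 8), (uint8_t)(len & 0xff) };
    memcpy(buf + off, hdr, sizeof hdr);
    return off + sizeof hdr + len;
}

/* Constructed stream: 1200-byte handshake record, then two app-data records. */
int scan_sample(size_t limit, struct scan_result *out) {
    static uint8_t buf[4096];
    size_t n = put_record(buf, 0, 22, 1200);
    n = put_record(buf, n, 23, 480);
    n = put_record(buf, n, 23, 300);
    return scan_tls_records(buf, n, limit, out);
}

int main(void) {
    struct scan_result r;
    if (scan_sample(512, &r) != 0) return 1;
    printf("over=%zu handshake_over=%zu\n", r.over_limit, r.handshake_over);
    return 0;
}
```

For encrypted records the length field also covers the MAC and padding, so the on-wire length is larger than the buffer size passed to SSL_write.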
