[erlang-questions] Possibly to change TLS record size?

John Foldager <>
Wed May 6 14:42:29 CEST 2015


Hi Roger, I just found out that I was replying only to you and not the
mailing list, so I will reply with our conversations below:

ME:
This is EXACTLY what is needed. I used the
SSL_CTRL_SET_MAX_SEND_FRAGMENT to search and found your comment about
the patch on StackOverflow:
http://stackoverflow.com/questions/19276598/erlang-ssl-set-max-send-fragment-size

Any idea who could possibly approve this patch for Erlang?

ROGER:
Not really, no. If you're interested in picking it up, I can forward
you Ingela's review comments on my original patch. <deleted-rest-of-message>

ME:
Thanks. I would like to see Ingela's review comments if possible.
<deleted-rest-of-message>

ROGER:
Ingela wrote:

> RFC 6066 obsoletes the RFC 4366 that according to my understanding specifies
> the extension for TLS 1.1 and TLS 1.0 also.  I think that the best
> approach would be to implement handling of the max_fragment_length
> extension, that defaults to the current max if no extension is sent.  And
> also have an application environment variable as a way to change the default.
> (You can look at the session_lifetime application environment variable as an
> example.) The reason I would like to have it as an application environment
> variable is that I do not want to encourage the use of it, if you do not know
> exactly what you are doing, if it is a listen option it is so easily
> accessible!

> When it comes to header files I think that max_plain_text_length numbers
> belong in ssl_record.hrl.  I could not see that this should be a problem,
> note that tls_record.hrl (includes ssl_record.hrl)


ME (now):
So, Ingela (or anyone else), could we have this TLS record size configurable?

On Tue, Apr 21, 2015 at 4:33 PM, Roger Lipscombe <> wrote:
> On 21 April 2015 at 14:03, John Foldager <> wrote:
>> Using RabbitMQ I would like to know if it is possible somehow to
>> configure/set the running Erlang process to change the size of the TLS
>> records?
>
> Do you mean an equivalent to OpenSSL's SSL_CTRL_SET_MAX_SEND_FRAGMENT option?
>
> As far as I know, it's not possible to set it in Erlang. Way back in
> Jan 2014, I had a patch (see
> https://github.com/rlipscombe/otp/commit/71c53d20191d3ddf43fc0aa87fabf5ac84ef70f3),
> but it didn't make it into OTP -- I had some feedback from Ingela on
> the OTP team, but didn't get around to dealing with it -- and I've not
> updated it since.
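
A sketch of the approach described in the review comments above: honour the RFC 6066 max_fragment_length extension, and fall back to a default that an application environment variable can lower. This is an added example, not code from Roger's patch or from OTP's ssl application; the module name, function names and the max_plain_text_length environment key are assumptions.

```erlang
%% Added illustration; module, function and env-key names are hypothetical,
%% not OTP's ssl application code.
-module(max_fragment_demo).
-export([negotiated_max/1, default_max/0, fragment/2, demo/0]).

-define(DEFAULT_MAX_PLAIN_TEXT_LENGTH, 16384). % 2^14, TLS record layer limit

%% RFC 6066 section 4: one-byte MaxFragmentLength code -> plaintext limit.
code_to_length(1) -> {ok, 512};
code_to_length(2) -> {ok, 1024};
code_to_length(3) -> {ok, 2048};
code_to_length(4) -> {ok, 4096};
code_to_length(_) -> {error, illegal_parameter}.

%% Default when the peer sends no extension: an application environment
%% value (hypothetical key max_plain_text_length), else the 2^14 limit.
%% Values above the protocol limit are ignored rather than trusted.
default_max() ->
    case application:get_env(ssl, max_plain_text_length) of
        {ok, N} when is_integer(N), N > 0,
                     N =< ?DEFAULT_MAX_PLAIN_TEXT_LENGTH -> N;
        _ -> ?DEFAULT_MAX_PLAIN_TEXT_LENGTH
    end.

%% Argument is the extension_data of max_fragment_length, or undefined
%% when the peer did not send the extension.
negotiated_max(undefined) -> {ok, default_max()};
negotiated_max(<<Code:8>>) -> code_to_length(Code);
negotiated_max(_Malformed) -> {error, illegal_parameter}.

%% Split application data into record payloads of at most Max bytes.
fragment(Data, Max) when is_binary(Data), is_integer(Max), Max > 0 ->
    fragment(Data, Max, []).

fragment(<<>>, _Max, Acc) -> lists:reverse(Acc);
fragment(Data, Max, Acc) when byte_size(Data) =< Max ->
    lists:reverse([Data | Acc]);
fragment(Data, Max, Acc) ->
    <<Chunk:Max/binary, Rest/binary>> = Data,
    fragment(Rest, Max, [Chunk | Acc]).

%% Constructed sample: 5000 bytes sent to a peer that asked for 2^11.
demo() ->
    Payload = binary:copy(<<"x">>, 5000),
    {ok, Max} = negotiated_max(<<3>>),
    [byte_size(F) || F <- fragment(Payload, Max)].
```

An unknown or malformed extension value is rejected rather than silently mapped to the default, matching RFC 6066's requirement to abort with illegal_parameter.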

