[erlang-questions] Possibly to change TLS record size?
Wed May 6 14:42:29 CEST 2015
Hi Roger, I just found out that I was replying only to you and not the
mailing list, so I will reply with our conversations below:
This is EXACTLY what is needed. I used the
SSL_CTRL_SET_MAX_SEND_FRAGMENT to search and found you comment about
the patch on StackOverflow:
Any idea who could possible approve this patch for Erlang?
Not really, no. If you're interested in picking it up, I can forward
you Ingela's review comments on my original patch. <deleted-rest-of-message>
Thanks. I would like to see Ingela's review comments if possible.
> RFC 6066 obsoletes the RFC 4366 that according to my understanding specifies
> the extension for TLS 1.1 and TLS 1.0 also. I think that that the best
> approach would be to implement handling of the max_fragment_length
> extension, that defaults to the current max if no extension is sent. And
> also have an application environment variable as a way to change the default.
> (You can look at the session_lifetime application environment variable as an
> example.) The reason I would like to have it as an application environment
> variable is that I do not want to encourage the us of it, if you do not know
> exactly what you are doing, if it is a listen option it is so easily
> When it comes to header files I think that max_plain_text_length numbers
> belongs in ssl_record.hrl. I could not see that this should be a problem,
> note that tls_record.hrl (includes ssl_record.hrl)
So, Ingela (or anyone else), could we have this TLS record size configurable?
On Tue, Apr 21, 2015 at 4:33 PM, Roger Lipscombe <> wrote:
> On 21 April 2015 at 14:03, John Foldager <> wrote:
>> Using RabbitMQ I would like to know if it is possible somehow to
>> configure/set the running Erlang process to change the size of the TLS
> Do you mean an equivalent to OpenSSL's SSL_CTRL_SET_MAX_SEND_FRAGMENT option?
> As far as I know, it's not possible to set it in Erlang. Way back in
> Jan 2014, I had a patch (see
> but it didn't make it into OTP -- I had some feedback from Ingela on
> the OTP team, but didn't get around to dealing with it -- and I've not
> updated it since.
More information about the erlang-questions