[erlang-questions] Fwd: Possibly to change TLS record size?

Ingela Andin <>
Thu May 7 16:24:33 CEST 2015


Hi!

Let me put it this way.  If someone makes a PR for implementing the Maximum
Fragment Length extension from RFC 6066 we will accept the PR.
The implementation should be fairly straight forward. I could easily do it
myself, but when and if this will be prioritised by Ericsson so that I have
the time to do it, is an entirely different question.

Regards Ingela Erlang/OTP team - Ericsson AB

2015-05-06 14:42 GMT+02:00 John Foldager <>:

> Hi Roger, I just found out that I was replying only to you and not the
> mailing list, so I will reply with our conversations below:
>
> ME:
> This is EXACTLY what is needed. I used the
> SSL_CTRL_SET_MAX_SEND_FRAGMENT to search and found you comment about
> the patch on StackOverflow:
>
> http://stackoverflow.com/questions/19276598/erlang-ssl-set-max-send-fragment-size
>
> Any idea who could possible approve this patch for Erlang?
>
> ROGER:
> Not really, no. If you're interested in picking it up, I can forward
> you Ingela's review comments on my original patch.
> <deleted-rest-of-message>
>
> ME:
> Thanks. I would like to see Ingela's review comments if possible.
> <deleted-rest-of-message>
>
> ROGER:
> Ingela wrote:
>
> > RFC 6066 obsoletes the RFC 4366 that according to my understanding
> specifies
> > the extension for TLS 1.1 and TLS 1.0 also.  I think that that the best
> > approach  would  be to implement handling of the max_fragment_length
> > extension, that defaults to the current max if no extension is sent.  And
> > also have an application environment variable as a way to change the
> default.
> > (You can look at the session_lifetime application environment variable
> as an
> > example.) The reason I would like to have it as an application
> environment
> > variable is that I do not want to encourage the us of it, if you do not
> know
> > exactly what you are doing, if it is a listen option it is so easily
> > accessible!
>
> > When it comes to header files I think that max_plain_text_length numbers
> > belongs in ssl_record.hrl.  I could not see that this should be a
> problem,
> > note that tls_record.hrl (includes ssl_record.hrl)
>
>
> ME (now):
> So, Ingela (or anyone else), could we have this TLS record size
> configurable?
>
> On Tue, Apr 21, 2015 at 4:33 PM, Roger Lipscombe <>
> wrote:
> > On 21 April 2015 at 14:03, John Foldager <>
> wrote:
> >> Using RabbitMQ I would like to know if it is possible somehow to
> >> configure/set the running Erlang process to change the size of the TLS
> >> records?
> >
> > Do you mean an equivalent to OpenSSL's SSL_CTRL_SET_MAX_SEND_FRAGMENT
> option?
> >
> > As far as I know, it's not possible to set it in Erlang. Way back in
> > Jan 2014, I had a patch (see
> >
> https://github.com/rlipscombe/otp/commit/71c53d20191d3ddf43fc0aa87fabf5ac84ef70f3
> ),
> > but it didn't make it into OTP -- I had some feedback from Ingela on
> > the OTP team, but didn't get around to dealing with it -- and I've not
> > updated it since.
> _______________________________________________
> erlang-questions mailing list
> 
> http://erlang.org/mailman/listinfo/erlang-questions
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20150507/60f81589/attachment.html>


More information about the erlang-questions mailing list