[Help-gnutls] TLS message boundary

Ang Way Chuang wcang at yahoo.com
Thu Mar 2 06:05:37 CET 2006

> SSL/TLS will fragment your data message if it is larger than the 
> record size (max 16k) - and it is up to the receiving application 
> to put the fragments back together. 

Thanks. But typically my application will only send data that are 
less than 100 bytes and will not send more than 500 bytes at any 
particular time. So is the data message boundary still respected in
such cases? 

I did a quick test on my simple gnutls client/server app:


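 /* sending side: each call sends a string one character longer, NUL included */
 buf[0] = 0;

 for (i = 0; i < 10; i++) {
  sprintf(temp, "%c", 'a' + i);
  strcat(buf, temp);
  len = strlen(buf) + 1;
  ret = gnutls_record_send(session, buf, len);
  if (ret != len) {
   fprintf(stderr, "buffer length(%d) doesn't equal to send len(%d)\n", len, ret);
  }
 }
 gnutls_bye(session, GNUTLS_SHUT_WR);

 /* receiving side: print the size and content of every read */
 try = 10;

 while (try-- > 0) {
  FD_ZERO(&read_fds);
  FD_SET(sockfd, &read_fds);
  select(sockfd + 1, &read_fds, NULL, NULL, NULL);

  do {
   ret = gnutls_record_recv(session, buf, sizeof(buf));
   printf("length %d\n", ret);
   if (ret > 0) /* buf holds new data only when the read succeeded */
    printf("buffer: %s\n", buf);
  } while (ret > 0); /* stop on end of stream (0) or on an error (< 0) */
 }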

The output on server:
length 2
buffer: a
length 3
buffer: ab
length 4
buffer: abc
length 5
buffer: abcd
length 6
buffer: abcde
length 7
buffer: abcdef
length 8
buffer: abcdefg
length 9
buffer: abcdefgh
length 10
buffer: abcdefghi
length 11
buffer: abcdefghij

Seems like the data message boundary is still respected, because none
of the data is truncated/appended. The test was performed on the loopback
interface. So is it 100% safe to assume gnutls_record_recv respects the
data message boundary for an app that sends less than 16k? Please advise.

Thanks in advance

Ang Way Chuang


May you be well and happy
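
The quoted reply leaves reassembly to the receiving application. As an added example (not part of the original post and not GnuTLS code), a receiver can carry its own message boundaries with a length prefix, so the result is the same however the bytes arrive; `struct framer`, `frame_feed`, `demo_count`, the 2-byte header and `MAX_MSG` are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_MSG 512 /* assumed cap; the post says it never sends more than 500 bytes */
/* Hypothetical reassembly state: 2-byte big-endian length header, then payload. */
struct framer { uint8_t buf[2 + MAX_MSG]; size_t have; };

/* Feed the bytes one receive call returned, however the stream was split.
 * Returns 1 with msg and msg_len set (valid until the next call), 0 when more
 * input is needed, -1 if the peer announces a length above MAX_MSG. */
int frame_feed(struct framer *f, const uint8_t **in, size_t *n,
               const uint8_t **msg, size_t *msg_len)
{
    for (;;) {
        size_t want = 2; /* header first */
        if (f->have >= 2) {
            size_t len = ((size_t)f->buf[0] << 8) | f->buf[1];
            if (len > MAX_MSG) return -1;
            want = 2 + len;
            if (f->have == want) { /* whole message buffered */
                *msg = f->buf + 2; *msg_len = len; f->have = 0;
                return 1;
            }
        }
        if (*n == 0) return 0;
        size_t take = want - f->have < *n ? want - f->have : *n;
        memcpy(f->buf + f->have, *in, take);
        f->have += take; *in += take; *n -= take;
    }
}

/* Constructed demo: "a", "ab", "abc" (each with its NUL, as in the post), framed
 * and delivered in chunk-byte reads (chunk >= 1); returns messages recovered intact. */
int demo_count(size_t chunk)
{
    static const uint8_t s[] = { 0,2,'a',0, 0,3,'a','b',0, 0,4,'a','b','c',0 };
    struct framer f = { {0}, 0 };
    size_t off, len; int ok = 0;
    for (off = 0; off < sizeof s; off += chunk) {
        const uint8_t *p = s + off, *msg;
        size_t n = sizeof s - off < chunk ? sizeof s - off : chunk;
        while (frame_feed(&f, &p, &n, &msg, &len) == 1)
            if (len == (size_t)ok + 2 && !memcmp(msg, "abc", ok + 1) && !msg[len - 1])
                ok++;
    }
    return ok;
}

int main(void) { return demo_count(1) == 3 ? 0 : 1; }
```

In the test program above, the bytes passed to `frame_feed` would be whatever each `gnutls_record_recv` call returned, and a return of -1 is a reason to close the session.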