6

When using an SSLStream to send a 'large' chunk of data (1 meg) to a (already authenticated) client, the packet fragmentation / dissasembly I'm seeing is FAR greater than when using a normal NetworkStream.

Using an async read on the client (i.e. BeginRead()), the ReadCallback is repeatedly called with exactly the same size chunk of data up until the final packet (the remainder of the data). With the data I'm sending (it's a zip file), the segments happen to be 16363 bytes long. Note: My receive buffer is much bigger than this and changing it's size has no effect

I understand that SSL encrypts data in chunks no bigger than 18Kb, but since SSL sits on top of TCP, I wouldn't think that the number of SSL chunks would have any relevance to the TCP packet fragmentation?

Essentially, the data is taking about 20 times longer to be fully read by the client than with a standard NetworkStream (both on localhost!)

What am I missing?

EDIT:

I'm beginning to suspect that the receive (or send) buffer size of an SSLStream is limited. Even if I use synchronous reads (i.e. SSLStream.Read()), no more data ever becomes available, regardless of how long I wait before attempting to read. This would be the same behavior as if I were to limit the receive buffer to 16363 bytes. Setting the Underlying NetworkStream's SendBufferSize (on the server), and ReceiveBufferSize (on the client) has no effect.

Improve this question
9
  • Are you talking about IP fragmentation or about how many reads you have to make on the receiver side? Commented Jun 22, 2012 at 16:00
  • The number of reads that are made Commented Jun 22, 2012 at 16:11
  • How are you sending? If you don't use buffers around SSL streams you can get a data explosion of over 40x due to encoding one byte at a time in its own SSL record. Commented Jun 22, 2012 at 23:45
  • @EJP: Can you elaborate please? With the individual packet sizes of 16K, I don't think this sounds like single bytes of encrypted data. Are you referring to using a BufferedStream or some such? Wrapping the underling NetworkStream in a BufferedStream has no effect (and I believe this would just help with heap fragmentation anyway). The consistency of the read-packet size points to the SSLStream having a fixed/limited-size receive buffer. Could this be the case? Perhaps the receive-buffer size of the underling NetworkStream is ignored for SSL for packets over a certain size? Commented Jun 26, 2012 at 9:01
  • fragmentation and chunk size depends on all devices on the network path between the sender and the receiver. There is no way to influence this Commented Jun 26, 2012 at 9:19

1 Answer 1

Reset to default
1

This looks like a packet-data-size limitation applied by the SslStream defined by a private member:

SSLStream._SslState.MaxDataSize

I'm struggling to understand why this limitation is applied, or if it can be changed, and have asked the question here

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.