
Openssl iOS buffer limit

Tags: io, ios, openssl

I'm using OpenSSL in my iOS application, and it works fine until I send too big a message (100kb) from server to client (iOS app).

The problem is that the ssl_read() method has a buffer size limit of 16384 bytes, so if the server sends a message bigger than 16384 bytes, the rest of the message will be ignored.

My question is: how can I change this limit (increase this limit)?

Bacem asked Sep 30 '22 07:09


1 Answer

Short answer:

You cannot change the limit. You have to read a chunk of data, save it in a buffer, read another chunk, append it to that buffer, and so on until you've received the entire message.

Longer answer:

The maximum record size is 16384 (2^14) because it's defined that way by the standard. For example, for TLS 1.2, that is RFC 5246.

The record layer fragments information blocks into TLSPlaintext
records carrying data in chunks of 2^14 bytes or less. Client
message boundaries are not preserved in the record layer (i.e.,
multiple client messages of the same ContentType MAY be coalesced
into a single TLSPlaintext record, or a single message MAY be
fragmented across several records).

The spec makes it quite clear that the length has a fixed size:

The length MUST NOT exceed 2^14.

Your transmitter should not be constructing SSL records larger than that. It should be fragmenting the message over multiple SSL records.

An SSL record is analogous to an IP packet. The maximum amount of data you can actually put inside an IP packet is a little less than your MTU, which is commonly 1500 bytes. So how does TCP work, which allows you to send arbitrary-length messages? Well, it works by sending your message in chunks, 1500 bytes at a time until you've received your entire message.

How does TCP know when you've received your whole message? It doesn't. It has no idea. That's why TCP is called a stream protocol. It's just streaming bytes to your app. Your app must know when it has received a message. In the case of HTTP, you'd know because the client sends a Content-Length header that tells the server how many bytes to expect.

Same with ssl_read. You read a chunk of data at a time until your app has determined when you've read an entire message. You accumulate these chunks in a larger buffer that your application manages.

indiv answered Oct 17 '22 00:10
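
The chunk-accumulating read loop the answer describes, as an added example that is not code from the original post. It assumes a 4-byte big-endian length prefix as the message framing and a 1 MiB application cap; `read_fn`, `read_exact`, `read_message`, `fake_conn` and `fake_read` are hypothetical names, and the callback stands in for `SSL_read` so the block runs without a TLS peer.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define TLS_RECORD_MAX 16384   /* 2^14, the record limit quoted above */
#define MSG_MAX (1u << 20)     /* assumed application cap: 1 MiB */

/* Same contract as SSL_read(): >0 = bytes delivered, <=0 = error or close.
 * In an app: static int tls_read(void *c, void *b, int n) { return SSL_read((SSL *)c, b, n); } */
typedef int (*read_fn)(void *ctx, void *buf, int num);

/* Loop until exactly `want` bytes have arrived; a single call may return fewer. */
static int read_exact(read_fn rd, void *ctx, uint8_t *dst, size_t want) {
    size_t got = 0;
    while (got < want) {
        size_t ask = want - got;
        if (ask > TLS_RECORD_MAX) ask = TLS_RECORD_MAX;
        int n = rd(ctx, dst + got, (int)ask);
        if (n <= 0) return -1;          /* peer closed or error mid-message */
        got += (size_t)n;
    }
    return 0;
}

/* Read one message framed as [4-byte big-endian length][payload] (assumed framing).
 * Returns a malloc'd payload and sets *len, or NULL on error or oversize length. */
uint8_t *read_message(read_fn rd, void *ctx, size_t *len) {
    uint8_t hdr[4];
    if (read_exact(rd, ctx, hdr, sizeof hdr) != 0) return NULL;
    uint32_t n = ((uint32_t)hdr[0] << 24) | ((uint32_t)hdr[1] << 16) |
                 ((uint32_t)hdr[2] << 8) | hdr[3];
    if (n > MSG_MAX) return NULL;       /* bound the peer-supplied length before allocating */
    uint8_t *msg = malloc(n ? n : 1);
    if (!msg || read_exact(rd, ctx, msg, n) != 0) { free(msg); return NULL; }
    *len = n;
    return msg;
}

/* Constructed stand-in for a TLS connection: hands out at most one
 * record's worth (16384 bytes) per call, as SSL_read() does. */
struct fake_conn { const uint8_t *data; size_t len, pos; };
int fake_read(void *ctx, void *buf, int num) {
    struct fake_conn *c = ctx;
    size_t n = c->len - c->pos;
    if (n == 0) return 0;               /* connection closed */
    if (n > (size_t)num) n = (size_t)num;
    if (n > TLS_RECORD_MAX) n = TLS_RECORD_MAX;
    memcpy(buf, c->data + c->pos, n);
    c->pos += n;
    return (int)n;
}
```

With real OpenSSL, a non-positive return should also be passed to `SSL_get_error` to distinguish a clean shutdown from a retryable condition on a non-blocking socket.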