On Wednesday 12 November 2008 02:25:51 Steven J. Murdoch wrote: > > Does anyone have ideas on how to remove the redundant TLS application > records, or otherwise improve the efficiency? > > Steven. http://marc.info/?l=openssl-users&m=115654275717293&w=2 has the answer. "Sending empty SSL record (I mean record with only MAC) before SSL record with real application data guards against some timing CBC attacks and is enabled in OpenSSL by default. To disable this set SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS with SSL_CTX_set_options()." This corresponds exactly with what you're seeing - the empty record always precedes the populated application record.
Attachment:
signature.asc
Description: This is a digitally signed message part.