lib: introduce `.setMaxSendFragment(size)`

fix #6889

5 files changed, 112 insertions, 0 deletions

diff --git a/doc/api/tls.markdown b/doc/api/tls.markdown
index 97c78fea8f..cf7a87fa2a 100644
--- a/doc/api/tls.markdown
+++ b/doc/api/tls.markdown
@@ -634,6 +634,18 @@ has been established.
 ANOTHER NOTE: When running as the server, socket will be destroyed
 with an error after `handshakeTimeout` timeout.
 
+### tlsSocket.setMaxSendFragment(size)
+
+Set maximum TLS fragment size (default and maximum value is: `16384`, minimum
+is: `512`). Returns `true` on success, `false` otherwise.
+
+Smaller fragment size decreases buffering latency on the client: large
+fragments are buffered by the TLS layer until the entire fragment is received
+and its integrity is verified; large fragments can span multiple roundtrips,
+and their processing can be delayed due to packet loss or reordering. However,
+smaller fragments add extra TLS framing bytes and CPU overhead, which may
+decrease overall server throughput.
+
 ### tlsSocket.address()
 
 Returns the bound address, the address family name and port of the
diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
index c6996048e1..ff794e7cea 100644
--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -303,6 +303,10 @@ TLSSocket.prototype.renegotiate = function(options, callback) {
   return true;
 };
 
+TLSSocket.prototype.setMaxSendFragment = function setMaxSendFragment(size) {
+  return this.ssl.setMaxSendFragment(size) == 1;
+};
+
 TLSSocket.prototype._handleTimeout = function() {
   this._tlsError(new Error('TLS handshake timeout'));
 };
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index 936f3a9038..1017e2f5b0 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -857,6 +857,10 @@ void SSLWrap<Base>::AddMethods(Handle<FunctionTemplate> t) {
   NODE_SET_PROTOTYPE_METHOD(t, "renegotiate", Renegotiate);
   NODE_SET_PROTOTYPE_METHOD(t, "shutdown", Shutdown);
 
+#ifdef SSL_set_max_send_fragment
+  NODE_SET_PROTOTYPE_METHOD(t, "setMaxSendFragment", SetMaxSendFragment);
+#endif  // SSL_set_max_send_fragment
+
 #ifdef OPENSSL_NPN_NEGOTIATED
   NODE_SET_PROTOTYPE_METHOD(t, "getNegotiatedProtocol", GetNegotiatedProto);
   NODE_SET_PROTOTYPE_METHOD(t, "setNPNProtocols", SetNPNProtocols);
@@ -1240,6 +1244,21 @@ void SSLWrap<Base>::Shutdown(const FunctionCallbackInfo<Value>& args) {
 }
 
 
+#ifdef SSL_set_max_send_fragment
+template <class Base>
+void SSLWrap<Base>::SetMaxSendFragment(
+    const v8::FunctionCallbackInfo<v8::Value>& args) {
+  HandleScope scope(node_isolate);
+  CHECK(args.Length() >= 1 && args[0]->IsNumber());
+
+  Base* w = Unwrap<Base>(args.This());
+
+  int rv = SSL_set_max_send_fragment(w->ssl_, args[0]->Int32Value());
+  args.GetReturnValue().Set(rv);
+}
+#endif  // SSL_set_max_send_fragment
+
+
 template <class Base>
 void SSLWrap<Base>::IsInitFinished(const FunctionCallbackInfo<Value>& args) {
   HandleScope scope(node_isolate);
diff --git a/src/node_crypto.h b/src/node_crypto.h
index 2357ca4a2d..7f29e89590 100644
--- a/src/node_crypto.h
+++ b/src/node_crypto.h
@@ -188,6 +188,11 @@ class SSLWrap {
   static void Renegotiate(const v8::FunctionCallbackInfo<v8::Value>& args);
   static void Shutdown(const v8::FunctionCallbackInfo<v8::Value>& args);
 
+#ifdef SSL_set_max_send_fragment
+  static void SetMaxSendFragment(
+      const v8::FunctionCallbackInfo<v8::Value>& args);
+#endif  // SSL_set_max_send_fragment
+
 #ifdef OPENSSL_NPN_NEGOTIATED
   static void GetNegotiatedProto(
       const v8::FunctionCallbackInfo<v8::Value>& args);
diff --git a/test/simple/test-tls-max-send-fragment.js b/test/simple/test-tls-max-send-fragment.js
new file mode 100644
index 0000000000..f6fdf25120
--- /dev/null
+++ b/test/simple/test-tls-max-send-fragment.js
@@ -0,0 +1,72 @@
+// Copyright Joyent, Inc. and other Node contributors.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a
+// copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to permit
+// persons to whom the Software is furnished to do so, subject to the
+// following conditions:
+//
+// The above copyright notice and this permission notice shall be included
+// in all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+// USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+if (!process.versions.openssl) {
+  console.error('Skipping because node compiled without OpenSSL.');
+  process.exit(0);
+}
+
+var assert = require('assert');
+var fs = require('fs');
+var net = require('net');
+var tls = require('tls');
+
+var common = require('../common');
+
+var buf = new Buffer(10000);
+var received = 0;
+var ended = 0;
+var maxChunk = 768;
+
+var server = tls.createServer({
+  key: fs.readFileSync(common.fixturesDir + '/keys/agent1-key.pem'),
+  cert: fs.readFileSync(common.fixturesDir + '/keys/agent1-cert.pem')
+}, function(c) {
+  // Lower and upper limits
+  assert(!c.setMaxSendFragment(511));
+  assert(!c.setMaxSendFragment(16385));
+
+  // Correct fragment size
+  assert(c.setMaxSendFragment(maxChunk));
+
+  c.end(buf);
+}).listen(common.PORT, function() {
+  var c = tls.connect(common.PORT, {
+    rejectUnauthorized: false
+  }, function() {
+    c.on('data', function(chunk) {
+      assert(chunk.length <= maxChunk);
+      received += chunk.length;
+    });
+
+    // Ensure that we receive 'end' event anyway
+    c.on('end', function() {
+      ended++;
+      c.destroy();
+      server.close();
+    });
+  });
+});
+
+process.on('exit', function() {
+  assert.equal(ended, 1);
+  assert.equal(received, buf.length);
+});