0

We have an application running on Tomcat 8. In the HTTPS GET response, there are 2 reassembled SSL segments.

Is there any way to turn it off and send ONE TCP packet?

2 Answers

0

I'm afraid the answer is 'probably not', but let's first determine that your network is doing the right thing. The maximum segment size in a response is limited by the MSS (maximum segment size) value sent by your client in the TCP handshake.

Since you can see the reassembly going on I will assume that you've got Wireshark or tcpdump. Look in the SYN packet sent by your client at the beginning of the conversation. Find the TCP options and within that the MSS value. A normal value for most Ethernet hardware will be 1460 bytes.

One way to increase the MSS is to enable jumbo frames if they're supported by your local network hardware.

Also note that in a complex environment 'smart' routers and firewalls are capable of intercepting and modifying (i.e. reducing) MSS values to cope with their own limitations. In environments like these you really have to have Wireshark on both ends of the connection to see the whole picture.

Andy Brown
  • Thanks for your comments, I've fixed it now. As for the MSS, my packet size is about 2700 bytes and the MSS is 1460 bytes, so why can't I see it divided into two parts in Wireshark? And the 2 reassembled SSL segments are at the TLS level. – Carol Chen Jan 04 '16 at 07:28
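
The MSS check described in the answer above, as an added example that is not part of the original answer or its comments: Python code that reads the MSS option out of the raw TCP header of a SYN and computes the minimum number of segments a payload of a given size needs. The function names, the sample headers and their port and window values are constructed for illustration.

```python
import struct

OPT_EOL, OPT_NOP, OPT_MSS = 0, 1, 2  # TCP option kinds: end of list, no-op, MSS

def mss_from_syn(tcp_header: bytes):
    """Return the MSS advertised in a raw TCP header, or None if absent."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    data_offset = (tcp_header[12] >> 4) * 4      # header length in bytes
    if data_offset < 20 or data_offset > len(tcp_header):
        raise ValueError("bad data offset")
    opts, i = tcp_header[20:data_offset], 0
    while i < len(opts):
        kind = opts[i]
        if kind == OPT_EOL:                      # nothing but padding follows
            break
        if kind == OPT_NOP:                      # single-byte option
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated option")
        length = opts[i + 1]                     # covers kind + length + data
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        if kind == OPT_MSS and length == 4:
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return None

def segments_needed(payload_len: int, mss: int) -> int:
    """Minimum TCP segments for a payload; ignores space used by TCP options."""
    return -(-payload_len // mss)                # ceiling division

def _syn(options: bytes) -> bytes:
    """Build a constructed SYN header; ports, seq and window are sample values."""
    words = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", 50000, 8443, 1, 0,
                       words << 4, 0x02, 64240, 0, 0) + options

# Constructed samples: a client SYN advertising MSS 1460, and the same kind of
# SYN as it might look after a middlebox reduced the MSS to 1360.
SYN_CLIENT = _syn(bytes([2, 4, 0x05, 0xB4, 1, 3, 3, 7, 4, 2, 1, 1]))
SYN_CLAMPED = _syn(bytes([1, 1, 2, 4, 0x05, 0x50, 0, 0]))

if __name__ == "__main__":
    for name, hdr in (("client", SYN_CLIENT), ("clamped", SYN_CLAMPED)):
        mss = mss_from_syn(hdr)
        print(name, "MSS", mss, "-> segments for 2700 bytes:", segments_needed(2700, mss))
```

Running the same parser on SYN captures from both ends of the connection shows whether a device in the path changed the advertised value.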
0

In Tomcat 6, there is only one packet, about 2700 bytes in size. In Tomcat 8, there are 2 reassembled SSL segments. One is 290, containing the header; the other is the rest, with the XML body.

By changing the port to "org.apache.coyote.http11.Http11Nio2Protocol", it works well. I also tried "org.apache.coyote.http11.Http11Nio1Protocol"; it will send two packages, and for "org.apache.coyote.http11.Http11Protocol", it will send only one packet.