performance ssl jsse

Java TLS max record size


How do we configure TLS max record size in JSSE (with SunJCE provider) with JDK 1.8? Is the TLS record size hardcoded to 16K bytes? We care a lot about latency in inter-service calls and want to experiment with smaller TLS record size.

There are a lot of articles on TLS record size and how a large size may be detrimental (e.g., http://chimera.labs.oreilly.com/books/1230000000545/ch04.html#TLS_RECORD_SIZE)

Thanks, Arvind


Solution

  • It is not hardcoded: it depends on the cipher suite in use; but it's in the vicinity of 16k.

    SSLSocket doesn't do any buffering, so you can control the maximum size actually used via a BufferedOutputStream constructed with the buffer size parameter. For example, the default of 8k will map to whatever the cipher suite needs in terms of ciphertext length, but it will be less than 16k. You would have to experiment a bit to find the size needed for the target record size.
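
Added example, not part of the original answer: `BufferedOutputStream` only caps writes smaller than its buffer, because a single `write(byte[])` at least as large as the buffer is passed straight through to the underlying stream. The sketch below layers a hypothetical `ChunkingOutputStream` under the buffer so that every write reaching the socket stream stays at or below the target size. `RecordingSink` is a stand-in for `SSLSocket.getOutputStream()`, and the 1400-byte target and the payload are constructed values.

```java
import java.io.BufferedOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class RecordSizeDemo {
    // Stand-in for SSLSocket.getOutputStream(): notes the size of each write it receives.
    static class RecordingSink extends OutputStream {
        final List<Integer> writes = new ArrayList<>();
        @Override public void write(int b) { writes.add(1); }
        @Override public void write(byte[] b, int off, int len) { writes.add(len); }
    }

    // Hypothetical helper: splits every write into pieces of at most maxChunk bytes.
    static class ChunkingOutputStream extends OutputStream {
        private final OutputStream out;
        private final int maxChunk;
        ChunkingOutputStream(OutputStream out, int maxChunk) {
            if (maxChunk <= 0) throw new IllegalArgumentException("maxChunk must be positive");
            this.out = out;
            this.maxChunk = maxChunk;
        }
        @Override public void write(int b) throws IOException { out.write(b); }
        @Override public void write(byte[] b, int off, int len) throws IOException {
            while (len > 0) {
                int n = Math.min(len, maxChunk);
                out.write(b, off, n);   // one bounded write per iteration
                off += n;
                len -= n;
            }
        }
        @Override public void flush() throws IOException { out.flush(); }
        @Override public void close() throws IOException { out.close(); }
    }

    public static void main(String[] args) throws IOException {
        byte[] payload = new byte[40_000]; // constructed sample data
        int target = 1400;                 // assumed target plaintext size per write

        RecordingSink plain = new RecordingSink();
        OutputStream buffered = new BufferedOutputStream(plain, target);
        buffered.write(payload);           // larger than the buffer: bypasses it
        buffered.flush();
        System.out.println("buffer only, largest write: " + Collections.max(plain.writes));

        RecordingSink capped = new RecordingSink();
        OutputStream out = new BufferedOutputStream(new ChunkingOutputStream(capped, target), target);
        out.write(payload);                // buffer coalesces small writes, chunker caps large ones
        out.flush();
        System.out.println("buffer + chunker, largest write: " + Collections.max(capped.writes));
    }
}
```

On a real connection, replace the sink with the socket's output stream and measure the resulting ciphertext record lengths, since the per-record overhead depends on the cipher suite as the answer notes.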