Hi
We are using a DigiConnect ME module to forward a serial port over a Secure Socket connection. Under the serial port configuration we have checked “Automatically establish TCP connections” and “Always connect and maintain connection” with “Secure Sockets” selected as the network service. The other end of the connection is terminated at a Java application using an SSLServerSocket object.
We have recently deployed a DigiConnect ME module on a network that has a very small maximum transmission unit. This limits the TCP connection’s Maximum Segment Size to 536 bytes (which is correctly advertised in the TCP SYN packet when DigiConnect ME is connecting to our server). It has turned out that under such conditions the DigiConnect ME module repeatably drops the SSL connection when data is sent from the server to the module.
From packet traces we have recorded it appears that the module will drop the connection when a TLS application data record gets split between two TCP fragments. This is unlikely on Ethernet networks where MTU is large, but in our case records get split often because of small MTU when sending more than a few characters at a time. However, if we artificially force TLS records to be split, this is reproducible even on an Ethernet network with MTU of 1500 bytes.
We would appreciate any help regarding this issue. Is this a known limitation of the TLS implementation on DigiConnect ME modules? Since TCP is a stream-oriented protocol, fragmentation of TLS records shouldn’t ordinarily be an issue and can’t be controlled from the Java application. Are there any known workarounds?
Our module is using firmware version 82000856_F6.
Thank you for your answer.
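Added example, not part of the original post and not Digi's firmware code: a minimal sketch of how a TLS receiver is expected to reassemble records from a TCP byte stream, so that a record split across segments (as happens with an MSS of 536) is buffered rather than treated as an error. The class and function names are hypothetical, the record version 0x0303 is an assumption, and the payloads are constructed filler bytes, not real ciphertext.

```python
import struct

TLS_HEADER_LEN = 5            # content type (1) + version (2) + length (2)
MAX_FRAGMENT = 2**14 + 2048   # upper bound on a TLS 1.2 ciphertext record body


class RecordReassembler:
    """Buffers a TCP byte stream and returns only complete TLS records."""

    def __init__(self):
        self._buf = bytearray()

    def feed(self, data):
        """Add the bytes from one recv(); return [(type, version, payload)]."""
        self._buf += data
        records = []
        while len(self._buf) >= TLS_HEADER_LEN:
            ctype, version, length = struct.unpack_from("!BHH", self._buf)
            if length > MAX_FRAGMENT:
                raise ValueError("record length exceeds TLS maximum")
            end = TLS_HEADER_LEN + length
            if len(self._buf) < end:
                break  # rest of the record is in a later segment: keep waiting
            records.append((ctype, version, bytes(self._buf[TLS_HEADER_LEN:end])))
            del self._buf[:end]
        return records

    def pending(self):
        """Bytes held back because they do not yet form a whole record."""
        return len(self._buf)


def make_record(payload, ctype=23, version=0x0303):
    """Frame constructed filler bytes as an application-data record."""
    return struct.pack("!BHH", ctype, version, len(payload)) + payload


def deliver(stream, mss):
    """Simulate TCP handing over `stream` in segments of at most `mss` bytes."""
    reassembler = RecordReassembler()
    out = []
    for i in range(0, len(stream), mss):
        out.extend(reassembler.feed(stream[i:i + mss]))
    return out, reassembler.pending()


# Constructed sample: four records, two of them larger than a 536-byte segment.
SAMPLE_PAYLOADS = [bytes([i]) * n for i, n in enumerate((40, 700, 3, 1200))]
SAMPLE_STREAM = b"".join(make_record(p) for p in SAMPLE_PAYLOADS)

if __name__ == "__main__":
    for mss in (1460, 536, 1):
        recs, left = deliver(SAMPLE_STREAM, mss)
        print(mss, [len(p) for _, _, p in recs], "pending:", left)
```

The same four records come out regardless of segment size, which is the behaviour a stream-oriented receiver should show when records straddle segment boundaries.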