From 3885da946bdf9b7f7c3e979e457b285c4413ba52 Mon Sep 17 00:00:00 2001
From: Richard Fuchs
Date: Thu, 22 Feb 2018 11:38:50 -0500
Subject: [PATCH] workaround for buggy OpenSSL that produces incorrectly fragmented DTLS closes #413
Change-Id: Iead12e5c1b2387c15923a1cff7f7abcd9267b4bb
---
 daemon/dtls.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/daemon/dtls.c b/daemon/dtls.c
index 669ff7217..19fef707e 100644
--- a/daemon/dtls.c
+++ b/daemon/dtls.c
@@ -560,6 +560,12 @@ int dtls_connection_init(struct packet_stream *ps, int active, struct dtls_cert
 SSL_set_tmp_ecdh(d->ssl, ecdh);
 EC_KEY_free(ecdh);
+#if defined(SSL_OP_NO_QUERY_MTU)
+ SSL_CTX_set_options(d->ssl_ctx, SSL_OP_NO_QUERY_MTU);
+ SSL_set_mtu(d->ssl, 1500);
+ DTLS_set_link_mtu(d->ssl, 1500);
+#endif
+
 d->active = active ? -1 : 0;
 done:
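Review bot: `SSL_CTX_set_options(d->ssl_ctx, SSL_OP_NO_QUERY_MTU)` is applied to the context after `d->ssl` is already in use (the context lines above call `SSL_set_tmp_ecdh(d->ssl, ecdh)`), and OpenSSL copies context options into an SSL object only at `SSL_new()`, so the flag probably never reaches this connection; `SSL_set_options(d->ssl, SSL_OP_NO_QUERY_MTU);` would set it on the object that performs the handshake. The `#if defined(SSL_OP_NO_QUERY_MTU)` guard also does not cover `DTLS_set_link_mtu`, which is newer than that option, so a build against an older OpenSSL may fail on that line and a separate guard is worth adding. The literal 1500 is passed both as the DTLS MTU and as the link MTU, which are different quantities (the link figure includes IP/UDP overhead), so a named constant with a comment stating which one is intended would help; handshake records sized for the wrong figure can still exceed the path MTU and be dropped. The body of dtls_connection_init starts and ends outside this hunk, so where `d->ssl` is created is inferred.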