Is there a TCP Maximum Segment Size (MSS) Minimum?

Michael Uray asked:

I have there a OpenVPN VPN network connection, where the MSS size 60 gets send out for some reason (don’t know why yet).
EDIT: Reason: OpenVPN mssfix was mistakenly set to 1

36  92.064383   10.102.0.43 10.1.151.50 TCP 52  49991 → 63760 [SYN] Seq=0 Win=65535 Len=0 MSS=60 WS=128 SACK_PERM=1
37  92.064763   10.1.151.50 10.102.0.43 TCP 52  63760 → 49991 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460 WS=256 SACK_PERM=1

There are two devices on this network, which behave different.

  • Win 10 PC with Filezilla FTP Server
  • Embedded device (PLC) based on VxWorks with internal FTP server

The PC sets the MSS size to 536, but the PLC sets it down to 60 like requested.

41  92.171676   10.1.151.50 10.102.0.43 FTP-DATA    576 FTP Data: 536 bytes (PASV) (RETR TCData.br)
67  17.385576   10.1.151.1  10.102.0.43 FTP-DATA    100 FTP Data: 60 bytes (PASV) (RETR TCData.br)

Is that implemented on the right way on both sides?

I know that the default TCP MSS is 536, but is there a required minimum size?

My answer:


536 is the minimum.

Remember that the minimum packet size for TCP (in IPv4) that all hosts must accept is 576 octets, and the MSS is the size of the payload of that packet, i.e. 576-40 = 536.

A host sending a TCP packet with MSS=60 is severely misbehaving.


View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.