ssl_write_real may return the wrong value

21 Sep 2018

In the ssl_write_real() function, if the following code is without what I added, "return( ret ); WMQ for bug 4836", it will return len instead. The issue with this method is that the higher level does not know ssl_write_real() did not send the data, and there is no way the TLS layer can resend this data until the next try from the higher level. We have this problem when we send a lot of data and notice some data at the end was not received until we issue another request. Returning "ret" (which in this case is 0) will tell the higher level that the write is not complete so it can retry.

```c
if( ssl->out_left != 0 )
{
    /*
     * The user has previously tried to send the data and
     * MBEDTLS_ERR_SSL_WANT_WRITE or the message was only partially
     * written. In this case, we expect the high-level write function
     * (e.g. mbedtls_ssl_write()) to be called with the same parameters
     */
    if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
    {
        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flush_output", ret );
        return( ret );
    }
    return( ret ); /* WMQ for bug 4836 */
}
else
{
    /*
     * The user is trying to send a message the first time, so we need to
     * copy the data into the internal buffers and setup the data structure
     * to keep track of partial writes
     */
    ssl->out_msglen = len;
    ssl->out_msgtype = MBEDTLS_SSL_MSG_APPLICATION_DATA;
    memcpy( ssl->out_msg, buf, len );

    if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
    {
        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
        return( ret );
    }
}

return( (int) len );
```
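A self-contained model of the write path in the post, as an added example that is neither Mbed TLS code nor the poster's. It assumes a flush loop that returns the send callback's result whenever that result is <= 0; `model_ctx`, `model_send`, `model_flush`, `model_write`, `unsent_after_send_all` and the `WANT_WRITE` stand-in are hypothetical names. It compares a transport callback that reports "blocked" as 0 with one that reports a WANT_WRITE-style code, and returns how many bytes are still buffered when the caller stops retrying.

```c
#include <stddef.h>
#include <string.h>
#define WANT_WRITE (-1) /* stand-in for MBEDTLS_ERR_SSL_WANT_WRITE */

typedef struct {
    unsigned char out[64]; /* buffered record */
    size_t out_left;       /* bytes not yet accepted by the transport */
    size_t room;           /* bytes the transport takes before it blocks */
    int blocked_ret;       /* what the send callback returns when blocked */
} model_ctx;
/* Constructed transport: accepts up to `room` bytes, then reports blocked. */
static int model_send(model_ctx *c, size_t n) {
    if (c->room == 0) return c->blocked_ret;
    if (n > c->room) n = c->room;
    c->room -= n;
    return (int) n;
}

/* Assumed flush loop: stops on any send result <= 0 and returns it. */
static int model_flush(model_ctx *c) {
    while (c->out_left > 0) {
        int ret = model_send(c, c->out_left);
        if (ret <= 0) return ret;
        c->out_left -= (size_t) ret;
    }
    return 0;
}

/* Write path without the added return, condensed: buffer on the first
 * attempt, flush, and report len whenever flush returned 0. */
static int model_write(model_ctx *c, const unsigned char *buf, size_t len) {
    int ret;
    if (c->out_left == 0) {
        memcpy(c->out, buf, len);
        c->out_left = len;
    }
    if ((ret = model_flush(c)) != 0) return ret;
    return (int) len;
}

/* Caller retries with the same arguments while WANT_WRITE is reported. */
size_t unsent_after_send_all(int blocked_ret) {
    const unsigned char msg[] = "0123456789"; /* constructed sample data */
    model_ctx c = { .room = 4, .blocked_ret = blocked_ret };
    int ret;
    do {
        ret = model_write(&c, msg, 10);
        c.room = 4; /* transport drains between attempts */
    } while (ret == WANT_WRITE);
    return c.out_left;
}
```

In this model a callback that returns 0 when blocked leaves 6 of the 10 bytes buffered after the write has reported `len`, which matches the symptom of trailing data arriving only on the next request.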