<div dir="ltr">Hi Matt,<div><br></div><div>Can you share s3_srvr.c file which is based on 1.1.0 release where DTLS session resumption works? I tried downloading 1.1.0-pre5 but i didnt see any file related with s3_srvr.c. </div><div><br></div><div>Thanks,</div><div>Rajeswari.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, May 16, 2016 at 11:20 AM, Rajeswari K <span dir="ltr"><<a href="mailto:raji.kotamraju@gmail.com" target="_blank">raji.kotamraju@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi Matt,<div><br></div><div>Yes, i tested with your patch. Honestly, before writing to openssl-dev team, i tried session resumption with moving the version just like what you gave as patch. But, still session resumption didn't work for me. Am debugging same at openssl front. </div><div><br></div><div>Just to confirm on the issue, i tried hardcoding s->version and s->method with DTLSv1 just after calling SSL_new() followed by SSL_clear(). Then Session resumption worked as expected. </div><div><br></div><div>So, updation of s->version during handshake and updation of s->session->version has some relation which am trying to find out. </div><div><br></div><div>I was looking at updation of s->session->version during handshake when the version is DTLS_ANY_VERSION. Will check and update you on my findings if any. </div><div><br></div><div>Thanks,</div><div>Rajeswari.</div><div><br></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Fri, May 13, 2016 at 11:16 PM, Matt Caswell <span dir="ltr"><<a href="mailto:matt@openssl.org" target="_blank">matt@openssl.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span><br>
<br>
On 13/05/16 18:33, Rajeswari K wrote:<br>
> Hi Matt,<br>
><br>
> Thanks for the response.<br>
><br>
> But, this fix doesn't perform session resumption.<br>
<br>
</span>Did you try the patch?<br>
<br>
As you pointed out we hit the following line:<br>
<span><br>
if (i == 1 && s->version == s->session->ssl_version) { /* previous<br>
* session */<br>
<br>
</span>The version from the SSL object and the version from the session do not<br>
match and that is why session resumption does not take place.<br>
<br>
The reason that the versions do not match is because version negotiation<br>
takes place *after* this check. So at this point s->version equals<br>
DTLS_ANY_VERSION. My patch moves the version negotiation to before the<br>
above test so that s->version should now be equal to DTLSv1, and<br>
therefore should be the same as in s->session->ssl_version, and session<br>
resumption should be successful.<br>
<span><font color="#888888"><br>
Matt<br>
</font></span><span><br>
<br>
<br>
><br>
> Thanks,<br>
> Rajeswari.<br>
><br>
> On Wed, May 11, 2016 at 2:56 PM, Matt Caswell <<a href="mailto:matt@openssl.org" target="_blank">matt@openssl.org</a><br>
</span><div><div>> <mailto:<a href="mailto:matt@openssl.org" target="_blank">matt@openssl.org</a>>> wrote:<br>
><br>
><br>
><br>
> On 10/05/16 18:34, Rajeswari K wrote:<br>
> > Hello openssl-dev team,<br>
> ><br>
> > Having query regarding DTLS session resumption when configured SSL_CTX<br>
> > with DTLS_ANY_VERSION.<br>
> ><br>
> > When we select SSL_CTX with DTLS_ANY_VERSION, method will be of<br>
> > DTLS_Server_method(), which will have ssl_ctx->version as 0xFEFD to<br>
> > support both the versions (i.e. DTLS1.0 and DTLS1.2).<br>
> ><br>
> > During handshake, we landed on to version DTLS1.0.i.e.<br>
> > s->session->version holds 0xFEFF.<br>
> ><br>
> > In order to perform session resumption, we derived new SSL structure<br>
> > from global ssl_ctx using SSL_new() and tried performing ssl<br>
> handshake.<br>
> ><br>
> > With the below logic,<br>
> > else {<br>
> > i = ssl_get_prev_session(s, p, j, d + n);<br>
> > /*<br>
> > * Only resume if the session's version matches the negotiated<br>
> > * version.<br>
> > * RFC 5246 does not provide much useful advice on resumption<br>
> > * with a different protocol version. It doesn't forbid it but<br>
> > * the sanity of such behaviour would be questionable.<br>
> > * In practice, clients do not accept a version mismatch and<br>
> > * will abort the handshake with an error.<br>
> > */<br>
> > if (i == 1 && s->version == s->session->ssl_version) { /*<br>
> previous<br>
> > *<br>
> session */<br>
> > s->hit = 1;<br>
> > } else if (i == -1)<br>
> > goto err;<br>
> > else { /* i == 0 */<br>
> ><br>
> > if (!ssl_get_new_session(s, 1))<br>
> > goto err;<br>
> > }<br>
> ><br>
> > Since s->version is with 0xFEFD and s->session->ssl_version is 0xFEFF,<br>
> > we always try for new session and wont land on to session resumption<br>
> > though client has sent the session_id.<br>
> ><br>
> > Is this intended behaviour? Please clarify.<br>
><br>
><br>
> No. This appears to be a bug introduced by commit 03d14f588734 in<br>
> November 2014.<br>
><br>
> The real problem though is that the DTLS version negotiation is<br>
> happening too late - after session resumption. Interestingly this only<br>
> seems to be a problem in 1.0.2. In 1.1.0 this is working correctly (the<br>
> version negotiation logic has been substantially rewritten in the new<br>
> version).<br>
><br>
> Please could you try out the attached patch? Let me know how you get on.<br>
><br>
> Thanks<br>
><br>
> Matt<br>
><br>
> --<br>
> openssl-dev mailing list<br>
> To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-dev" rel="noreferrer" target="_blank">https://mta.openssl.org/mailman/listinfo/openssl-dev</a><br>
><br>
><br>
><br>
><br>
--<br>
openssl-dev mailing list<br>
To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-dev" rel="noreferrer" target="_blank">https://mta.openssl.org/mailman/listinfo/openssl-dev</a><br>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>