[openssl-users] Issue on DTLS over UDP

Matt Caswell matt at openssl.org
Wed Jan 3 10:53:29 UTC 2018



On 03/01/18 10:40, Grace Priscilla Jero wrote:
> Hi,
> Can someone please respond to the below mail as we want to confirm if it
> is an issue with our application or a bug in OpenSSL.

It isn't a known bug (which doesn't mean it isn't an unknown bug!).

I think we're going to need some more information to help you with this
issue. If I understand you correctly you have a server application which
only supports DTLS 1.0 and it is that application which is failing?
Which version of OpenSSL is this? All currently supported versions of
OpenSSL have the capability to support DTLS 1.2 so I'm not sure why you
have this scenario.

You say that "SSL_accept continuously loops with error 2". Do you mean
by that SSL_accept() returns an error and calling SSL_get_error() gives
you SSL_ERROR_WANT_READ (value 2)?

"The ALERT is not processed": does this mean you are expecting to see an
alert but it isn't sent? Or an alert is sent but it is ignored?

Perhaps a wireshark trace of the exchange would help us to understand
what you are seeing.

Matt


> 
> Thanks,
> Grace
> 
> On Fri, Dec 15, 2017 at 3:23 PM, Grace Priscilla Jero
> <grace.priscilla at gmail.com> wrote:
> 
>     Hi All,
> 
>     We are having an issue with DTLS on UDP.
> 
>     The scenario is that, when a client of DTLS version 1.2 is trying to
>     connect to a server which is at version DTLS 1.0 the SSL_accept
>     continuously loops with error 2. The ALERT is not processed. 
>     Is this a known bug?
> 
>     Because of the loop, the application is unable to process new changes. 
> 
>     Thanks,
>     Grace
> 
> 
> 
> 
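
Whether an alert is on the wire at all can be checked from the captured UDP payloads themselves. The following is an added example, not part of the original message or of OpenSSL's code: a C routine that walks the DTLS record headers in one datagram and reports the first unencrypted alert. The function name, constants and sample datagram are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* DTLS record header, RFC 6347 section 4.1:
 * type(1) version(2) epoch(2) sequence(6) length(2) = 13 bytes */
enum { HDR_LEN = 13, CT_ALERT = 21, NO_ALERT = -1, MALFORMED = -2 };

/* Walk every record in one UDP payload. Returns (level << 8 | description)
 * of the first plaintext alert, NO_ALERT if there is none, or MALFORMED if
 * a record is truncated or its version is not 0xFExx
 * (DTLS 1.0 = 0xFEFF, DTLS 1.2 = 0xFEFD). */
int dtls_first_alert(const uint8_t *p, size_t n)
{
    int found = NO_ALERT;
    while (n > 0) {
        if (n < HDR_LEN || p[1] != 0xFE)
            return MALFORMED;
        unsigned epoch = (unsigned)p[3] << 8 | p[4];
        size_t len = (size_t)p[11] << 8 | p[12];
        if (len > n - HDR_LEN)
            return MALFORMED;
        /* Only epoch 0 alerts are unencrypted: level byte, description byte */
        if (p[0] == CT_ALERT && epoch == 0 && len == 2 && found == NO_ALERT)
            found = p[HDR_LEN] << 8 | p[HDR_LEN + 1];
        p += HDR_LEN + len;
        n -= HDR_LEN + len;
    }
    return found;
}

/* Constructed sample datagram, record version DTLS 1.0, epoch 0:
 * a handshake-typed record (22) with a 4-byte placeholder payload,
 * then an alert record: level 2 (fatal), description 70 (protocol_version). */
static const uint8_t SAMPLE[] = {
    22, 0xFE, 0xFF, 0, 0,  0, 0, 0, 0, 0, 1,  0, 4,  0xAA, 0xAA, 0xAA, 0xAA,
    21, 0xFE, 0xFF, 0, 0,  0, 0, 0, 0, 0, 2,  0, 2,  2, 70,
};

int main(void)
{
    int r = dtls_first_alert(SAMPLE, sizeof SAMPLE);
    if (r >= 0)
        printf("alert: level=%d description=%d\n", r >> 8, r & 0xFF);
    else
        printf("%s\n", r == NO_ALERT ? "no plaintext alert" : "malformed datagram");
    return 0;
}
```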

