[openssl-users] DTLS-over-UDP client example
aleksandr.derevianko at btsignal.ru
Tue Sep 18 10:43:15 UTC 2018
Hello !
>>
>> With such a list it works, but without encoding (data sent in cleartext, connection established as Cipher: NULL-SHA)
>>
>> and if I remove eNULL on client side, it doesn't connect - server waits for a repeat of the client cookie forever.
>>
>> At the same time, "openssl s_client -dtls1 ..." connects fine, with Cipher: AES256-SHA
>
> Then debug why the server is ignoring the client request.
> OpenSSL has good debug output, in worst case add new prints...
>
Actually, I have traced it to ClientHello cookie exchange: test client connects to server, server calls generate_cookie() and never calls verify_cookie().
If I connect to test server using openssl s_client - server calls both generate_cookie() and verify_cookie(), and connection establishes.
If I return eNULL back in client ciphers list, server does not call generate_cookie(), and connection went OK.
If I comment out SSL_CTX_set_cookie_generate_cb() on server side, it still doesn't connect using test client but still connects using openssl s_client.
--
Александр Деревянко/Aleksander Derevianko
Head of the New Hardware and Software Department
Бомбардье Транспортейшн (Сигнал)/Bombardier Transportation (Signal) Ltd.
T: +74959255370 ext. 265
M: +79859229755
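
One way to check on the wire whether the client's second ClientHello echoes the cookie (the message that would lead the server to call verify_cookie()) and which suites it offers. This is an added example, not part of the original message or of OpenSSL: `parse_client_hello`, `build_sample` and `struct ch_info` are hypothetical names, the sample bytes are constructed, and the field layout is that of RFC 6347 section 4.2.1.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct ch_info { uint8_t cookie_len; int n_suites, null_sha, aes256_sha; };

/* 0 on success, -1 unless p[0..n) is a well-formed, unfragmented ClientHello. */
int parse_client_hello(const uint8_t *p, size_t n, struct ch_info *out)
{
    size_t off = 13 + 12 + 2 + 32; /* record hdr, handshake hdr, version, random */
    if (n < off + 1 || p[0] != 22 || p[13] != 1 || (p[19] | p[20] | p[21])) return -1;
    size_t sid = p[off++];         /* session_id length */
    if (n - off < sid + 1) return -1;
    off += sid;
    out->cookie_len = p[off++];    /* 0 in the first flight */
    if (n - off < (size_t)out->cookie_len + 2) return -1;
    off += out->cookie_len;
    size_t cs = ((size_t)p[off] << 8) | p[off + 1]; /* cipher_suites, in bytes */
    off += 2;
    if (cs % 2 || n - off < cs) return -1;
    out->n_suites = (int)(cs / 2); out->null_sha = out->aes256_sha = 0;
    for (size_t i = 0; i < cs; i += 2) {
        unsigned id = ((unsigned)p[off + i] << 8) | p[off + i + 1];
        if (id == 0x0002) out->null_sha = 1;   /* NULL-SHA */
        if (id == 0x0035) out->aes256_sha = 1; /* AES256-SHA */
    }
    return 0;
}

/* Constructed sample, not a capture: offers only AES256-SHA; buf holds 512 bytes. */
size_t build_sample(uint8_t *buf, uint8_t cookie_len)
{
    size_t off = 61 + cookie_len;  /* offset of the cipher_suites length */
    memset(buf, 0, 512);
    buf[0] = 22; buf[13] = 1; buf[1] = buf[25] = 0xfe; buf[2] = buf[26] = 0xff; /* DTLS 1.0 */
    buf[60] = cookie_len; memset(buf + 61, 0xAA, cookie_len); /* filler cookie */
    buf[off + 1] = 2; buf[off + 3] = 0x35; buf[off + 4] = 1; off += 6;
    buf[11] = (uint8_t)((off - 13) >> 8); buf[12] = (uint8_t)(off - 13);
    buf[15] = buf[23] = (uint8_t)((off - 25) >> 8); buf[16] = buf[24] = (uint8_t)(off - 25);
    return off;
}

int main(void)
{
    uint8_t b[512]; struct ch_info ci;
    for (int c = 0; c <= 20; c += 20) /* first flight, then the cookie echo */
        if (parse_client_hello(b, build_sample(b, (uint8_t)c), &ci) == 0)
            printf("cookie_len=%u NULL-SHA=%d AES256-SHA=%d\n", ci.cookie_len, ci.null_sha, ci.aes256_sha);
    return 0;
}
```

Fed the UDP payloads from a capture of the test client and of `openssl s_client`, the two outputs can be compared field by field.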