<div dir="ltr">Hi Matt,<div><br></div><div>Yes I raised github case for the same issue. I also tried running this call flow with the latest SNAPSHOT code (openssl-SNAP-20170419) and handshake is successful with the latest SNAPSHOT code which is not an official release.</div><div><br></div><div>I checked the github repo history and observer that during commits on (11 th Jan) as a part of "Move state machine knowledge out of the record layer". "<span style="color:rgb(36,41,46);font-family:sfmono-regular,consolas,"liberation mono",menlo,courier,monospace;font-size:12px;white-space:pre;background-color:rgb(255,236,236)">renegotiate</span>" bit that is set to "2" in function "tls_post_process_client_hello" has been removed. May be that is causing the call flow to be successful in the latest SNAPSHOT release.</div><div><br></div><div>I am assuming commits that are done on 11th Jan or later are not part of release openssl 01.01.00e</div><div><br></div><div><br></div><div>Thanks,</div><div>Mahesh G S <br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Apr 19, 2017 at 6:56 PM, Matt Caswell <span dir="ltr"><<a href="mailto:matt@openssl.org" target="_blank">matt@openssl.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">For those following this discussion Mahesh has created a github issue<br>
with much more detail (at least I am assuming this is the same issue):<br>
<br>
<a href="https://github.com/openssl/openssl/issues/3251" rel="noreferrer" target="_blank">https://github.com/openssl/<wbr>openssl/issues/3251</a><br>
<span class="HOEnZb"><font color="#888888"><br>
Matt<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
<br>
On 18/04/17 21:17, Michael Tuexen wrote:<br>
>> On 13. Apr 2017, at 11:11, mahesh gs <<a href="mailto:mahesh116@gmail.com">mahesh116@gmail.com</a>> wrote:<br>
>><br>
>> Hi,<br>
>><br>
>> We are running SCTP connections with DTLS enabled in our application. We have adapted openssl version (openssl-1.1.0e) to achieve the same.<br>
>><br>
>> We have generated the self signed root and node certificates for testing. We have a strange problem with the incomplete DTLS handshake if we run the DTLS client and DTLS server is different systems.If we run the DTLS client and server in same system handshake is successful, handshake is not successful if run client and server in different VM's.<br>
>><br>
>> This strange problem happens only for SCTP/DTLS connection. With the same set of certificates TCP/TLS connection is successful and we are able to exchange the application data.<br>
>><br>
>> I am attaching the code bits for SSL_accept and SSL_connect and also the wireshark trace of unsuccessful handshake. Please assist me to debug this problem.<br>
>><br>
>> SSL_accept returns SSL_ERROR_WANT_READ(2) infinite times but SSL_connect is called 4 or 5 times and select system call timeout.<br>
> Which OS are you using? With a test program I could reproduce SSL_accept() returning SSL_ERROR_WANT_READ under FreeBSD,<br>
> but not under Linux. Haven't figured out what the problem is. So if you are using FreeBSD we might experience the same problem...<br>
><br>
> Best regards<br>
> Michael<br>
>><br>
>> Thanks,<br>
>> Mahesh G S<br>
>><br>
>><br>
>> <testcode.txt><proxy.cap>--<br>
>> openssl-users mailing list<br>
>> To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/<wbr>mailman/listinfo/openssl-users</a><br>
><br>
--<br>
openssl-users mailing list<br>
To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/<wbr>mailman/listinfo/openssl-users</a><br>
</div></div></blockquote></div><br></div>