[openssl-dev] [openssl.org #4025] Bug? DTLS server does not respond if HelloVerifyRequest message lost

Ken Ballou via RT rt at openssl.org
Fri Aug 28 20:52:49 UTC 2015


I originally found this in version 1.0.1e, but this also appears to be
present in the latest master branch of the git repository.

If a DTLS server has been configured to require a cookie exchange, it
appears the server never retransmits the HelloVerifyRequest message if the
client sends another ClientHello with sequence number zero and no cookie.
But, this means that if the HelloVerifyRequest message from the server is
lost (it's UDP, so anything can happen), the client will never be able to
connect.

Is this intentional behavior?  I can imagine this may be an attempt to
thwart a DoS attack, but it seems the attacker has to do as much work as
the system under attack by resending the ClientHello again.

I am attaching source code (in C) for a small (single source file) test
program to reproduce this.  The test program uses separate read and write
datagram BIOs to simulate a lost UDP datagram.  After the program sends
the initial ClientHello and fails to read the HelloVerifyRequest, the user
is prompted to press "enter."  When the user does so, the program replaces
the read BIO in the SSL object with the correct BIO and retries
SSL_connect.  In a wireshark trace, one can see that the server never
resends the HelloVerifyRequest in reply.  (Pass the server IP address and
port as command line parameters.)

I have tested this with "openssl s_server" running on localhost:

% ./apps/openssl version
OpenSSL 1.1.0-dev xx XXX xxxx

% ./apps/openssl s_server -cert keycert.pem -accept 5555 -dtls1

Then:

% test-lost-helloverifyrequest 127.0.0.1 5555

- Ken
-------------- next part --------------
A non-text attachment was scrubbed...
Name: test-lost-helloverifyrequest.c
Type: application/octet-stream
Size: 2272 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150828/09aaee04/attachment.obj>
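The exchange the report describes, modelled in Python as an added example (this is not the attached test-lost-helloverifyrequest.c and not OpenSSL code): a client whose first HelloVerifyRequest is dropped retransmits its original ClientHello (message_seq 0, no cookie) and a stateless cookie server answers it again with a fresh HelloVerifyRequest, because it keeps nothing per client until a cookie verifies. It goes beyond the report in also checking that a cookie issued to one address is rejected from another and that the HelloVerifyRequest is no larger than the ClientHello that triggered it, which is the reporter's DoS-cost argument. Assumptions: only the handshake layer is modelled (no record layer, retransmission timers or fragmentation), the peer addresses and the `PEER` constant are constructed, and the cookie is the HMAC-over-address-and-ClientHello-parameters construction that RFC 6347 section 4.2.1 suggests, here bound to the client random.

```python
"""DTLS 1.2 cookie exchange (RFC 6347 section 4.2.1) against a lossy transport.
Added example, not the reporter's test program and not OpenSSL code.  Handshake
layer only: no record layer, timers or fragmentation.  Peer addresses are
constructed; the cookie is the RFC's suggested HMAC over address and ClientHello
parameters, here bound to the client random."""
import hashlib
import hmac
import os
import struct

DTLS12 = b"\xfe\xfd"                         # DTLS 1.2 version bytes
HS_CLIENT_HELLO = 1
HS_HELLO_VERIFY_REQUEST = 3
SERVER_HELLO_FLIGHT = b"SERVER_HELLO_FLIGHT"  # stand-in for the stateful ServerHello flight
PEER = "192.0.2.10:5555"                     # constructed client address


def wrap_handshake(msg_type, message_seq, body):
    """Handshake header: type(1) length(3) message_seq(2) frag_off(3) frag_len(3)."""
    n = len(body)
    return (bytes([msg_type]) + n.to_bytes(3, "big") + struct.pack("!H", message_seq)
            + bytes(3) + n.to_bytes(3, "big") + body)


def parse_handshake(msg):
    """Return (msg_type, message_seq, body); unfragmented messages only."""
    length = int.from_bytes(msg[1:4], "big")
    if msg[6:9] != bytes(3) or int.from_bytes(msg[9:12], "big") != length:
        raise ValueError("fragmented handshake messages are outside this model")
    return msg[0], struct.unpack("!H", msg[4:6])[0], msg[12:12 + length]


def build_client_hello(client_random, cookie=b"", message_seq=0):
    """Minimal ClientHello: version, random, empty session_id, cookie, one suite, null compression."""
    body = (DTLS12 + client_random + b"\x00" + bytes([len(cookie)]) + cookie
            + b"\x00\x02\xc0\x2b" + b"\x01\x00")
    return wrap_handshake(HS_CLIENT_HELLO, message_seq, body)


def parse_client_hello(body):
    client_random, pos = body[2:34], 35 + body[34]          # skip the session_id
    return client_random, body[pos + 1:pos + 1 + body[pos]]


class StatelessCookieServer:
    """Answers every ClientHello without a valid cookie with a fresh HelloVerifyRequest
    and keeps no per-client state until the cookie verifies."""

    def __init__(self):
        self.secret = os.urandom(32)    # a real server rotates this
        self.hvr_sent = 0
        self.handshakes_started = 0

    def cookie_for(self, peer, client_random):
        return hmac.new(self.secret, peer.encode() + client_random, hashlib.sha256).digest()

    def handle(self, peer, msg):
        msg_type, _, body = parse_handshake(msg)
        if msg_type != HS_CLIENT_HELLO:
            return None
        client_random, cookie = parse_client_hello(body)
        expected = self.cookie_for(peer, client_random)
        if not hmac.compare_digest(cookie, expected):      # an empty cookie fails here too
            self.hvr_sent += 1                              # HelloVerifyRequest always has message_seq 0
            hvr_body = DTLS12 + bytes([len(expected)]) + expected
            return wrap_handshake(HS_HELLO_VERIFY_REQUEST, 0, hvr_body)
        self.handshakes_started += 1
        return SERVER_HELLO_FLIGHT


class Client:
    def __init__(self):
        self.client_random, self.cookie = os.urandom(32), b""

    def client_hello(self):
        # With no HelloVerifyRequest received, all the client can do is retransmit
        # its original message: message_seq 0 and no cookie, as in the report.
        if self.cookie:
            return build_client_hello(self.client_random, self.cookie, message_seq=1)
        return build_client_hello(self.client_random)

    def receive(self, msg):
        msg_type, _, body = parse_handshake(msg)
        if msg_type == HS_HELLO_VERIFY_REQUEST:
            self.cookie = body[3:3 + body[2]]


def run_handshake(drop_first_hvr, max_attempts=3):
    """Drive one client against the server; return the server's replies in order."""
    server, client, transcript = StatelessCookieServer(), Client(), []
    for attempt in range(max_attempts):
        reply = server.handle(PEER, client.client_hello())
        if reply == SERVER_HELLO_FLIGHT:
            return transcript + ["ServerHello"]
        transcript.append("HelloVerifyRequest")
        if drop_first_hvr and attempt == 0:
            transcript.append("(lost)")    # datagram dropped; client times out and retransmits
            continue
        client.receive(reply)
    return transcript + ["timeout"]


def cookie_bound_to_peer():
    """A cookie issued to one address must not start a handshake from another."""
    server, rnd = StatelessCookieServer(), os.urandom(32)
    cookie = parse_handshake(server.handle(PEER, build_client_hello(rnd)))[2][3:]
    second = build_client_hello(rnd, cookie, message_seq=1)
    other = server.handle("198.51.100.7:5555", second)
    return other != SERVER_HELLO_FLIGHT and server.handle(PEER, second) == SERVER_HELLO_FLIGHT


if __name__ == "__main__":
    print("no loss:       ", run_handshake(False))
    print("first HVR lost:", run_handshake(True))
```

Run it and the lossy case prints `['HelloVerifyRequest', '(lost)', 'HelloVerifyRequest', 'ServerHello']`: the retransmitted cookie-less ClientHello is indistinguishable from a first contact, so a server that keeps no state before cookie verification has nothing to lose by answering it again. In this model the HelloVerifyRequest (47 bytes) is smaller than the ClientHello (54 bytes), so answering every retransmission costs the server one HMAC and returns no amplification to an attacker.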