[openssl-dev] [openssl.org #3657] OpenSSL 1.0.1k DTLS handshake no longer works

Matt Caswell via RT rt at openssl.org
Thu Jan 15 16:21:35 UTC 2015


On Thu Jan 15 17:01:51 2015, shiretu at gmail.com wrote:
> Hi all,
>
> Also, just for completeness, I want to point out I'm a fortunate case
> where I can actually touch the code and recompile it to fix the
> issue. I'm sure that other cases are not so fortunate. IMHO, when
> DTLS method is used, that call should be made by default in the
> internals of OpenSSL

In response to your previous documentation question it is (unfortunately)
undocumented. :-(
The best I can offer you is the source code:
int read_ahead; /* Read as many input bytes as possible
                 * (for non-blocking reads) */
With regards to your second point, I consider it a bug that this is not the
default for DTLS. Unfortunately that bug has remained dormant until the fix for
CVE-2014-0206 exposed it.

I'm keeping this ticket open, until we have a proper fix. For now though the
workaround is to use the SSL_CTX_set_read_ahead function directly.

Matt


