[openssl-dev] [openssl.org #4392] [PATCH] Resolve DTLS cookie and version before session resumption.

David Benjamin via RT rt at openssl.org
Mon Mar 7 22:03:20 UTC 2016

Session resumption involves a version check, so version negotiation must
happen first. Currently, the DTLS implementation cannot do session
resumption in DTLS 1.0 because the ssl_version check always checks against

Switching the order also removes the need to fixup ssl_version in DTLS
version negotiation.

The DTLS1-ECDHE-RSA-AES256-SHA-server test (and any other
DTLS1-{cipher-name}-server test) in BoringSSL's test suite can be used to
repro this:


Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4392
Please log in as guest with password guest if prompted

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0006-Resolve-DTLS-cookie-and-version-before-session-resum.patch
Type: application/octet-stream
Size: 4150 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160307/507b30ed/attachment-0001.obj>

More information about the openssl-dev mailing list