[openssl-dev] DTLS session resumption with DTLS_ANY_VERSION

Matt Caswell matt at openssl.org
Wed May 11 09:26:52 UTC 2016 


On 10/05/16 18:34, Rajeswari K wrote:
> Hello openssl-dev team,
> 
> Having query regarding DTLS session resumption when configured SSL_CTX
> with DTLS_ANY_VERSION. 
> 
> When we select SSL_CTX with DTLS_ANY_VERSION, method will be of
> DTLS_Server_method(), which will have ssl_ctx->version as 0xFEFD to
> support both the versions (i.e. DTLS1.0 and DTLS1.2).
> 
> During handshake, we landed on to version DTLS1.0.i.e.
> s->session->version holds 0xFEFF. 
> 
> In order to perform session resumption, we derived new SSL structure
> from global ssl_ctx using SSL_new() and tried performing ssl handshake.
> 
> With the below logic, 
> else {
>         i = ssl_get_prev_session(s, p, j, d + n);
>         /*
>          * Only resume if the session's version matches the negotiated
>          * version.
>          * RFC 5246 does not provide much useful advice on resumption
>          * with a different protocol version. It doesn't forbid it but
>          * the sanity of such behaviour would be questionable.
>          * In practice, clients do not accept a version mismatch and
>          * will abort the handshake with an error.
>          */
>         if (i == 1 && s->version == s->session->ssl_version) { /* previous
>                                                                 * session */
>             s->hit = 1;
>         } else if (i == -1)
>             goto err;
>         else {                  /* i == 0 */
> 
>             if (!ssl_get_new_session(s, 1))
>                 goto err;
>         }
> 
> Since s->version is with 0xFEFD and s->session->ssl_version is 0xFEFF,
> we always try for new session and wont land on to session resumption
> though client has sent the  session_id. 
> 
> Is this intended behaviour? Please clarify.


No. This appears to be a bug introduced by commit 03d14f588734 in
November 2014.

The real problem though is that the DTLS version negotiation is
happening too late - after session resumption. Interestingly this only
seems to be a problem in 1.0.2. In 1.1.0 this is working correctly (the
version negotiation logic has been substantially rewritten in the new
version).

Please could you try out the attached patch? Let me know how you get on.

Thanks

Matt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dtls-ver-before-sess.patch
Type: text/x-patch
Size: 3303 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160511/b4592642/attachment-0001.bin>

More information about the openssl-dev mailing list