[openssl-dev] DTLS session resumption with DTLS_ANY_VERSION

Rajeswari K raji.kotamraju at gmail.com
Fri May 13 17:33:19 UTC 2016


Hi Matt,

Thanks for the response.

But, this fix doesn't perform session resumption.

Thanks,
Rajeswari.

On Wed, May 11, 2016 at 2:56 PM, Matt Caswell <matt at openssl.org> wrote:

>
>
> On 10/05/16 18:34, Rajeswari K wrote:
> > Hello openssl-dev team,
> >
> > I have a query regarding DTLS session resumption when the SSL_CTX is
> > configured with DTLS_ANY_VERSION.
> >
> > When we select SSL_CTX with DTLS_ANY_VERSION, the method will be
> > DTLS_server_method(), which has ssl_ctx->version as 0xFEFD to
> > support both versions (i.e. DTLS1.0 and DTLS1.2).
> >
> > During the handshake, we landed on version DTLS1.0, i.e.
> > s->session->version holds 0xFEFF.
> >
> > In order to perform session resumption, we derived new SSL structure
> > from global ssl_ctx using SSL_new() and tried performing ssl handshake.
> >
> > With the below logic,
> > else {
> >         i = ssl_get_prev_session(s, p, j, d + n);
> >         /*
> >          * Only resume if the session's version matches the negotiated
> >          * version.
> >          * RFC 5246 does not provide much useful advice on resumption
> >          * with a different protocol version. It doesn't forbid it but
> >          * the sanity of such behaviour would be questionable.
> >          * In practice, clients do not accept a version mismatch and
> >          * will abort the handshake with an error.
> >          */
> >         if (i == 1 && s->version == s->session->ssl_version) { /* previous
> >                                                                 * session */
> >             s->hit = 1;
> >         } else if (i == -1)
> >             goto err;
> >         else {                  /* i == 0 */
> >
> >             if (!ssl_get_new_session(s, 1))
> >                 goto err;
> >         }
> >
> > Since s->version is 0xFEFD and s->session->ssl_version is 0xFEFF,
> > we always try for a new session and won't land on session resumption,
> > even though the client has sent the session_id.
> >
> > Is this intended behaviour? Please clarify.
>
>
> No. This appears to be a bug introduced by commit 03d14f588734 in
> November 2014.
>
> The real problem though is that the DTLS version negotiation is
> happening too late - after session resumption. Interestingly this only
> seems to be a problem in 1.0.2. In 1.1.0 this is working correctly (the
> version negotiation logic has been substantially rewritten in the new
> version).
>
> Please could you try out the attached patch? Let me know how you get on.
>
> Thanks
>
> Matt
>
> --
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
>
>
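To make the ordering problem Matt describes concrete, here is a small C model added for this page (it is not OpenSSL code): `struct conn`, `dtls_negotiate`, `try_resume` and `server_hello` are hypothetical stand-ins for the 1.0.2 server path, using only the two wire versions quoted in the thread, and show why a DTLS 1.0 session is never resumed when the resumption lookup runs before version negotiation.

```c
#include <stdio.h>

/* Wire versions quoted in the thread. DTLS encodes versions as the 1's
 * complement of TLS versions, so the numerically SMALLER value is NEWER. */
#define DTLS1_VERSION   0xFEFF   /* DTLS 1.0 */
#define DTLS1_2_VERSION 0xFEFD   /* DTLS 1.2 */

/* Hypothetical, minimal stand-in for the SSL object fields the thread names. */
struct conn { int version; int hit; };

/* Pick the newest version both sides support (server: DTLS 1.0 .. 1.2).
 * Returns 0 if the client is older than DTLS 1.0. Note the inverted compare. */
static int dtls_negotiate(int client_version)
{
    if (client_version > DTLS1_VERSION)
        return 0;                                   /* older than DTLS 1.0 */
    return client_version > DTLS1_2_VERSION ? client_version   /* client is older than 1.2 */
                                            : DTLS1_2_VERSION; /* cap at our newest, 1.2 */
}

/* The check quoted in the thread: resume only when the session's version
 * equals the version currently recorded on the connection. */
static int try_resume(struct conn *c, int cached_session_version)
{
    c->hit = (c->version == cached_session_version);
    return c->hit;
}

/* Run the server side in one of two orders and report whether the cached
 * session was resumed (1) or a new one started (0).
 * negotiate_first == 0 models the 1.0.2 ordering Matt describes: the
 * resumption lookup still sees the method-wide value (0xFEFD in the original
 * post) rather than the version actually negotiated with this client. */
static int server_hello(int ctx_version, int client_version,
                        int cached_session_version, int negotiate_first)
{
    struct conn c = { ctx_version, 0 };
    if (negotiate_first)
        c.version = dtls_negotiate(client_version);
    try_resume(&c, cached_session_version);
    if (!negotiate_first)
        c.version = dtls_negotiate(client_version);  /* too late to matter */
    return c.hit;
}
```

A DTLS 1.2 client resuming a DTLS 1.2 session is unaffected in either order, which is why the problem only shows up for sessions negotiated at DTLS 1.0.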