[openssl-users] DTLS and packet loss
matt at openssl.org
Mon Jun 1 14:29:48 UTC 2015
On 01/06/15 12:52, Alfred E. Heggestad wrote:
> Hey Matt,
> openssl version 1.0.2a on both sides (Client and Server)
>> Are you also running OpenSSL on the server side (and if so which version
>> The error message suggests that the NewSessionTicket message that has
>> been received by the client is incorrectly formatted.
>> A packet capture for a problem handshake might help diagnose the problem
> please see the attached PCAP file, in this case Packet #4 is dropped
> in the software (to simulate Packet-loss).
> that test-code has the following option set, to avoid fragmentation:
> SSL_set_options(tc->ssl, SSL_OP_NO_QUERY_MTU);
> DTLS_set_link_mtu(tc->ssl, 1480);
> please note that dropping Packet #1, #2 and #3 works as expected.
> but dropping the final packet (packet #4) does not work.
Thanks - I've figured it out. This is a manifestation of a known issue
with retransmits in 1.0.2a. It will be fixed in 1.0.2b. I have attached
a patch for 1.0.2a which should solve your problems for now.
The relevant 1.0.2 commits that fix this are here: