[openssl-users] Query regarding DTLS handshake

Matt Caswell matt at openssl.org
Thu Apr 20 11:29:54 UTC 2017



On 20/04/17 12:26, mahesh gs wrote:
> Hi Matt,
> 
> Yes, I raised a GitHub case for the same issue. I also tried running this
> call flow with the latest SNAPSHOT code (openssl-SNAP-20170419) and
> the handshake is successful with the latest SNAPSHOT code, which is not an
> official release.
> 
> I checked the GitHub repo history and observed that during commits on
> 11th Jan, as a part of "Move state machine knowledge out of the record
> layer", the "renegotiate" bit that is set to "2" in function
> "tls_post_process_client_hello" has been removed. Maybe that is causing
> the call flow to be successful in the latest SNAPSHOT release.
> 
> I am assuming commits that are done on 11th Jan or later are not part of
> release openssl 01.01.00e

Ah. No. That commit is in the dev branch only (scheduled for version
1.1.1) and won't be backported to the 1.1.0 branch. I can see why that
commit might help things, but probably a different solution is more
appropriate for 1.1.0.

I'm looking at this issue at the moment.

Matt

> 
> 
> Thanks,
> Mahesh G S 
> 
> On Wed, Apr 19, 2017 at 6:56 PM, Matt Caswell <matt at openssl.org> wrote:
> 
>     For those following this discussion Mahesh has created a github issue
>     with much more detail (at least I am assuming this is the same issue):
> 
>     https://github.com/openssl/openssl/issues/3251
> 
>     Matt
> 
> 
>     On 18/04/17 21:17, Michael Tuexen wrote:
>     >> On 13. Apr 2017, at 11:11, mahesh gs <mahesh116 at gmail.com> wrote:
>     >>
>     >> Hi,
>     >>
>     >> We are running SCTP connections with DTLS enabled in our
>     >> application. We have adapted openssl version (openssl-1.1.0e) to
>     >> achieve the same.
>     >>
>     >> We have generated the self-signed root and node certificates for
>     >> testing. We have a strange problem with an incomplete DTLS
>     >> handshake if we run the DTLS client and DTLS server in different
>     >> systems. If we run the DTLS client and server in the same system the
>     >> handshake is successful; the handshake is not successful if we run the
>     >> client and server in different VMs.
>     >>
>     >> This strange problem happens only for the SCTP/DTLS connection. With
>     >> the same set of certificates the TCP/TLS connection is successful and we
>     >> are able to exchange the application data.
>     >>
>     >> I am attaching the code bits for SSL_accept and SSL_connect and
>     >> also the Wireshark trace of the unsuccessful handshake. Please assist me
>     >> to debug this problem.
>     >>
>     >> SSL_accept returns SSL_ERROR_WANT_READ(2) infinite times but
>     >> SSL_connect is called 4 or 5 times and the select system call times out.
>     > Which OS are you using? With a test program I could reproduce
>     > SSL_accept() returning SSL_ERROR_WANT_READ under FreeBSD,
>     > but not under Linux. Haven't figured out what the problem is. So
>     > if you are using FreeBSD we might experience the same problem...
>     >
>     > Best regards
>     > Michael
>     >>
>     >> Thanks,
>     >> Mahesh G S
>     >>
>     >>
>     >> <testcode.txt><proxy.cap>