[openssl-users] Query regarding DTLS handshake

Matt Caswell matt at openssl.org
Thu Apr 20 13:23:24 UTC 2017

On 20/04/17 14:19, Martin Brejcha wrote:
> Matt Caswell wrote on 04/20/2017 01:29 PM:
>> On 20/04/17 12:26, mahesh gs wrote:
>>> Hi Matt,
>>> Yes I raised github case for the same issue. I also tried running this
>>> call flow with the latest SNAPSHOT code (openssl-SNAP-20170419) and
>>> handshake is successful with the latest SNAPSHOT code which is not an
>>> official release.
>>> I checked the github repo history and observer that during commits on
>>> (11 th Jan) as a part of "Move state machine knowledge out of the record
>>> layer".  "renegotiate" bit that is set to "2" in function
>>> "tls_post_process_client_hello" has been removed. May be that is causing
>>> the call flow to be successful in the latest SNAPSHOT release.
>>> I am assuming commits that are done on 11th Jan or later are not part of
>>> release openssl 01.01.00e
>> Ah. No. That commit is in the dev branch only (scheduled for version
>> 1.1.1) and won't be backported to the 1.1.0 branch. I can see why that
>> commit might help things, but probably a different solution is more
>> appropriate for 1.1.0.
>> I'm looking at this issue at the moment.
>> Matt
> hi,
> btw: I've tested similar scenario and handshake works fine.
> test env: client and server on different VMs (rhel7.2, openssl 1.1.0e, non-blocking sockets and segmented certificate)
> So, it should work also with 1.1.0e version.

Thanks. Did your handshake include client auth? I think this issue only
arises in that case.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 480 bytes
Desc: OpenPGP digital signature
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170420/eeb8a987/attachment.sig>

More information about the openssl-users mailing list