[openssl-users] DTLS for SCTP connections

Michael Tuexen Michael.Tuexen at lurchi.franken.de
Wed Feb 22 15:03:00 UTC 2017 

> On 22 Feb 2017, at 07:47, mahesh gs <mahesh116 at gmail.com> wrote:
> 
> Hi,
> 
> Thank you for sharing the sample code.
> 
> I tried running SCTP DTLS Echo server and client. I am facing strange problem "ssl_connect" hangs on the client side, even the "ssl_accept" hangs on the server side. 
> 
> Client side back trace
> 
> (gdb) bt
> #0  0x0000003db4c0ea10 in __recvmsg_nocancel () from /lib64/libpthread.so.0
> #1  0x00007ffff7a64dc5 in dgram_sctp_read (b=0x6223f0, out=0x629073 "\026\376\377", outl=17741) at bss_dgram.c:1178
> #2  0x00007ffff7a597a9 in BIO_read (b=0x6223f0, out=0x629073, outl=17741) at bio_lib.c:210
> #3  0x00007ffff7db80e4 in ssl3_read_n (s=0x622c70, n=13, max=17741, extend=<value optimized out>) at s3_pkt.c:258
> #4  0x00007ffff7dcaf75 in dtls1_get_record (s=0x622c70) at d1_pkt.c:676
> #5  0x00007ffff7dcb6b8 in dtls1_read_bytes (s=0x622c70, type=22, buf=0x7ffffffedfd0 "\006", len=12, peek=0) at d1_pkt.c:938
> #6  0x00007ffff7dcdda5 in dtls1_get_message_fragment (s=0x622c70, st1=<value optimized out>, stn=4449, max=30, ok=0x7ffffffee09c)
>     at d1_both.c:908
> #7  0x00007ffff7dce414 in dtls1_get_message (s=0x622c70, st1=4448, stn=4449, mt=14, max=30, ok=0x7ffffffee09c) at d1_both.c:512
> #8  0x00007ffff7dacaf9 in ssl3_get_server_done (s=0x622c70) at s3_clnt.c:2458
> #9  0x00007ffff7dc8467 in dtls1_connect (s=0x622c70) at d1_clnt.c:466
> #10 0x0000000000402f75 in start_client(char*, char*, int, int, int) ()
> #11 0x0000000000403573 in main ()
> 
> 
> Server side back trace
> 
> (gdb) info threads
>   2 Thread 0x7ffff793c700 (LWP 20161)  0x0000003db4c0ea2d in recvmsg () from /lib64/libpthread.so.0
> * 1 Thread 0x7ffff793e720 (LWP 20155)  0x0000003db4c0e84d in accept () from /lib64/libpthread.so.0
> (gdb) t 2
> [Switching to thread 2 (Thread 0x7ffff793c700 (LWP 20161))]#0  0x0000003db4c0ea2d in recvmsg () from /lib64/libpthread.so.0
> (gdb) bt
> #0  0x0000003db4c0ea2d in recvmsg () from /lib64/libpthread.so.0
> #1  0x00007ffff7a633a6 in BIO_dgram_sctp_wait_for_dry (b=0x7ffff0001930) at bss_dgram.c:1803
> #2  0x00007ffff7dc7830 in dtls1_accept (s=0x7ffff00008c0) at d1_srvr.c:403
> #3  0x00000000004021ee in connection_handle(void*) ()
> #4  0x0000003db4c07851 in start_thread () from /lib64/libpthread.so.0
> #5  0x0000003db48e890d in clone () from /lib64/libc.so.6
> (gdb)
> 
> 
> I am also attaching the wireshark trace (port 4443) and a server key for decoding wireshark.
> 
> Command used on server side: ./dtls_sctp_echo -L 16.181.38.161 -p 4443
> 
> Command used on client side : ./dtls_sctp_echo -L 16.181.38.161 -p 4443 -l 50 -n 5 16.181.38.161
> 
> Thanks in advance for your valuable input
I've CCed Irene, who did some testing recently on FreeBSD, where the implementation works.
The server is waiting for a sender dry event which it should get.

Which version of OpenSSL are you using and which OS are you using?

Best regards
Michael
> 
> Regards,
> Mahesh G S
> 
> 
> 
> On Tue, Feb 21, 2017 at 2:28 PM, Michael Tuexen <Michael.Tuexen at lurchi.franken.de> wrote:
> > On 21 Feb 2017, at 09:53, mahesh gs <mahesh116 at gmail.com> wrote:
> >
> > Hi,
> >
> > We have a client, server applications that is using SCTP as a transport protocol. We have to secure the connections using DTLS. I am using openssl version 1.0.2 which supports DTLS. But the problem i am facing is usage of DTLS SCTP related API's. Openssl documentation does not clearly explain all the SCTP related API's and usage sequence.
> >
> > I have tried going though internet and found most of the sites redirect to one link for SCTP DTLS sample code. But this link is not working.
> >
> > http://sctp.fh-muenster.de/dtls-samples.html
> Try
> http://web.archive.org/web/20150617012520/http://sctp.fh-muenster.de/dtls-samples.html
> and yes, we need to bring the machine up again.
> 
> Best regards
> Michael
> >
> > If any of you has an sample code of DTLS adaptation for SCTP. It would immensely help me for my work.
> >
> > Looking forward to your valuable inputs.
> >
> > Thanks,
> > Mahesh G S
> > --
> > openssl-users mailing list
> > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> 
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> 
> <log.pcap><server.key.pem>-- 
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

More information about the openssl-users mailing list