[openssl-users] DTLS Handshake fails with DTLSv1_listen
vkaliape at gmail.com
Thu Feb 23 18:02:16 UTC 2017
While writing a DTLS server using DTLSv1_listen(), I found that when
I receive a fragmented ClientHello from the client, the DTLS handshake fails.
DTLSv1_listen gets stuck in the while loop (in the app).
When I checked the man page of DTLSv1_listen(), it clearly says that the API
does not handle a fragmented ClientHello, as it operates entirely
statelessly (a safeguard against DoS attacks?).
However, the DTLS RFC clearly states that an implementation must handle fragmented handshake messages.
RFC 4347, Datagram Transport Layer Security:
“When a DTLS implementation receives a handshake message fragment, it MUST
buffer it until it has the entire handshake message.”
Is avoiding the fragmented ClientHello the only way out of this problem,
or do any other alternatives exist?
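To make the RFC 4347 requirement concrete, here is an added example (not code from the original post or from OpenSSL) that parses DTLS record and handshake headers, detects when a ClientHello arrives as a fragment, and buffers fragments until the whole message is present. The wire layouts are the ones RFC 4347 defines (13-byte record header, 12-byte handshake header); the 1500-byte ClientHello body, the 1000/500 split and the `max_pending` limit are constructed values for the demonstration. The buffer this reassembler keeps between datagrams is exactly the state a stateless listener such as DTLSv1_listen gives up in exchange for the DoS resistance the post mentions, which is why the example also bounds the number of in-flight messages.

```python
import struct

CONTENT_HANDSHAKE = 22     # DTLS record content type for handshake messages
MSG_CLIENT_HELLO = 1       # HandshakeType.client_hello
DTLS10 = 0xFEFF            # ProtocolVersion for DTLS 1.0 (RFC 4347)
RECORD_HDR = 13            # type(1) version(2) epoch(2) sequence(6) length(2)
HANDSHAKE_HDR = 12         # msg_type(1) length(3) message_seq(2) frag_off(3) frag_len(3)


def parse_records(datagram: bytes):
    """Split one UDP datagram into the DTLS records it carries."""
    records, pos = [], 0
    while pos < len(datagram):
        if len(datagram) - pos < RECORD_HDR:
            raise ValueError("truncated record header")
        ctype, version, epoch = struct.unpack_from("!BHH", datagram, pos)
        seq = int.from_bytes(datagram[pos + 5:pos + 11], "big")
        (length,) = struct.unpack_from("!H", datagram, pos + 11)
        body = datagram[pos + RECORD_HDR:pos + RECORD_HDR + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        records.append({"type": ctype, "version": version, "epoch": epoch,
                        "seq": seq, "body": body})
        pos += RECORD_HDR + length
    return records


def parse_fragment(body: bytes):
    """Parse one DTLS handshake fragment header and its data."""
    if len(body) < HANDSHAKE_HDR:
        raise ValueError("truncated handshake header")
    frag = {
        "msg_type": body[0],
        "length": int.from_bytes(body[1:4], "big"),          # full message length
        "message_seq": int.from_bytes(body[4:6], "big"),
        "fragment_offset": int.from_bytes(body[6:9], "big"),
        "fragment_length": int.from_bytes(body[9:12], "big"),
    }
    data = body[HANDSHAKE_HDR:HANDSHAKE_HDR + frag["fragment_length"]]
    if len(data) != frag["fragment_length"]:
        raise ValueError("truncated fragment data")
    if frag["fragment_offset"] + frag["fragment_length"] > frag["length"]:
        raise ValueError("fragment extends past the declared message length")
    frag["data"] = data
    return frag


def is_fragmented(frag) -> bool:
    """A whole message has offset 0 and fragment_length == length."""
    return frag["fragment_offset"] != 0 or frag["fragment_length"] != frag["length"]


class Reassembler:
    """Buffers fragments per message_seq until a message is complete (RFC 4347 4.2.3).
    max_pending is a constructed bound on the state a peer may make us hold."""

    def __init__(self, max_pending: int = 4):
        self.max_pending = max_pending
        self.pending = {}  # message_seq -> (payload buffer, coverage map)

    def add(self, frag):
        key = frag["message_seq"]
        if key not in self.pending and len(self.pending) >= self.max_pending:
            raise ValueError("too many incomplete handshake messages")
        buf, seen = self.pending.setdefault(
            key, (bytearray(frag["length"]), bytearray(frag["length"])))
        if len(buf) != frag["length"]:
            raise ValueError("fragment disagrees about message length")
        off, n = frag["fragment_offset"], frag["fragment_length"]
        buf[off:off + n] = frag["data"]
        seen[off:off + n] = b"\x01" * n
        if all(seen):                      # every byte of the message received
            del self.pending[key]
            return bytes(buf)
        return None                        # still waiting for more fragments


def build_fragment(msg_type, message_seq, full_body, offset, frag_len):
    """Encode one handshake fragment of full_body (used to construct sample input)."""
    hdr = (bytes([msg_type]) + len(full_body).to_bytes(3, "big")
           + message_seq.to_bytes(2, "big") + offset.to_bytes(3, "big")
           + frag_len.to_bytes(3, "big"))
    return hdr + full_body[offset:offset + frag_len]


def build_record(payload, epoch=0, seq=0, version=DTLS10):
    """Wrap a handshake payload in a DTLS record (used to construct sample input)."""
    return (struct.pack("!BHH", CONTENT_HANDSHAKE, version, epoch)
            + seq.to_bytes(6, "big") + struct.pack("!H", len(payload)) + payload)


# Constructed 1500-byte ClientHello body, larger than a typical path MTU,
# so a real client would have to send it as two fragments.
SAMPLE_CLIENT_HELLO = bytes(range(256)) * 5 + b"\x00" * 220


def demo():
    """Feed two datagrams (1000 + 500 bytes of the hello) through the reassembler."""
    datagrams = [
        build_record(build_fragment(MSG_CLIENT_HELLO, 0, SAMPLE_CLIENT_HELLO, 0, 1000), seq=0),
        build_record(build_fragment(MSG_CLIENT_HELLO, 0, SAMPLE_CLIENT_HELLO, 1000, 500), seq=1),
    ]
    reassembler, results = Reassembler(), []
    for dgram in datagrams:
        for rec in parse_records(dgram):
            if rec["type"] != CONTENT_HANDSHAKE:
                continue
            frag = parse_fragment(rec["body"])
            results.append((is_fragmented(frag), reassembler.add(frag)))
    return results


if __name__ == "__main__":
    for fragmented, message in demo():
        print("fragmented:", fragmented, "complete:", message is not None)
```

The first datagram yields a fragment with no complete message, the second completes it; a stateless listener that looked at the first datagram alone would see a ClientHello header it cannot act on, which matches the behaviour the man page describes.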