[openssl-users] DTLS Handshake fails with DTLSv1_listen
Vijayakumar Kaliaperumal
vkaliape at gmail.com
Thu Feb 23 18:02:16 UTC 2017
Hi,
While writing a DTLS server using DTLSv1_listen(), I found that when
I receive a fragmented ClientHello from the client, the DTLS handshake fails.
DTLSv1_listen is stuck in the while loop (in the app).
When I checked the man page of DTLSv1_listen(), it clearly says that the API
does not handle a fragmented ClientHello, as it operates entirely
statelessly (a safeguard against DoS attacks?).
However, the DTLS RFC clearly states that an implementation must handle fragmented
handshake messages.
RFC 4347 Datagram Transport Layer Security:
“When a DTLS implementation receives a handshake message fragment, it MUST
buffer it until it has the entire handshake message.”
Is avoiding the fragmented ClientHello the only way out of this problem,
or do any other alternatives exist?
Regards,
Vijay
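The condition described above can be diagnosed before the datagram ever reaches DTLSv1_listen(): the DTLS handshake header carries the total message length together with a fragment offset and fragment length, so a ClientHello that arrived in pieces is recognisable from the first 25 bytes of the datagram. The following is an added example, not code from the original post or from OpenSSL. It parses the DTLS record header and handshake header (RFC 4347 sections 4.1 and 4.2.2), classifies the first record of a datagram, and goes slightly beyond the case in the mail by also flagging later fragments and inconsistent lengths. All datagrams it checks are constructed inline; the builder and function names are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* DTLS record header: type(1) version(2) epoch(2) seq(6) length(2) */
#define DTLS_RECORD_HDR_LEN 13
/* DTLS handshake header: msg_type(1) length(3) message_seq(2)
 * fragment_offset(3) fragment_length(3) */
#define DTLS_HS_HDR_LEN 12

#define CT_HANDSHAKE    22
#define HT_CLIENT_HELLO  1

enum hello_status {
    HELLO_NOT_HANDSHAKE = 0,    /* record is not a handshake record */
    HELLO_MALFORMED,            /* lengths do not fit the datagram/message */
    HELLO_NOT_CLIENT_HELLO,     /* handshake record but another message type */
    HELLO_COMPLETE,             /* whole ClientHello in one record */
    HELLO_FRAGMENT              /* a piece of a ClientHello: DTLSv1_listen()
                                   will not reassemble this */
};

struct hs_header {
    uint8_t  msg_type;
    uint32_t length;            /* length of the whole handshake message */
    uint16_t message_seq;
    uint32_t fragment_offset;
    uint32_t fragment_length;
};

static uint32_t be24(const uint8_t *p)
{
    return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | p[2];
}
static uint16_t be16(const uint8_t *p)
{
    return (uint16_t)(((uint16_t)p[0] << 8) | p[1]);
}

/* Classify the first record of a received datagram; fills *out when
 * a handshake header could be read. */
enum hello_status classify_client_hello(const uint8_t *dgram, size_t len,
                                        struct hs_header *out)
{
    if (len < DTLS_RECORD_HDR_LEN) return HELLO_MALFORMED;
    if (dgram[0] != CT_HANDSHAKE) return HELLO_NOT_HANDSHAKE;

    uint16_t rec_len = be16(dgram + 11);
    if ((size_t)rec_len + DTLS_RECORD_HDR_LEN > len || rec_len < DTLS_HS_HDR_LEN)
        return HELLO_MALFORMED;

    const uint8_t *hs = dgram + DTLS_RECORD_HDR_LEN;
    struct hs_header h;
    h.msg_type        = hs[0];
    h.length          = be24(hs + 1);
    h.message_seq     = be16(hs + 4);
    h.fragment_offset = be24(hs + 6);
    h.fragment_length = be24(hs + 9);
    if (out) *out = h;

    /* The fragment must fit inside the record and inside the message. */
    if (h.fragment_length + DTLS_HS_HDR_LEN > rec_len) return HELLO_MALFORMED;
    if (h.fragment_offset + h.fragment_length > h.length) return HELLO_MALFORMED;
    if (h.msg_type != HT_CLIENT_HELLO) return HELLO_NOT_CLIENT_HELLO;
    if (h.fragment_offset == 0 && h.fragment_length == h.length)
        return HELLO_COMPLETE;
    return HELLO_FRAGMENT;
}

/* Constructed test datagram (not a capture): one DTLS 1.0 record carrying a
 * handshake header with the given lengths and a zero-filled body. */
static size_t build_record(uint8_t *buf, size_t cap, uint8_t ctype,
                           uint32_t total_len, uint32_t frag_off, uint32_t frag_len)
{
    size_t n = DTLS_RECORD_HDR_LEN + DTLS_HS_HDR_LEN + frag_len;
    if (n > cap) return 0;
    memset(buf, 0, n);
    buf[0] = ctype; buf[1] = 0xFE; buf[2] = 0xFF;          /* version DTLS 1.0 */
    uint16_t rec_len = (uint16_t)(DTLS_HS_HDR_LEN + frag_len);
    buf[11] = (uint8_t)(rec_len >> 8); buf[12] = (uint8_t)rec_len;
    uint8_t *hs = buf + DTLS_RECORD_HDR_LEN;
    hs[0] = HT_CLIENT_HELLO;
    hs[1] = (uint8_t)(total_len >> 16); hs[2] = (uint8_t)(total_len >> 8); hs[3] = (uint8_t)total_len;
    hs[6] = (uint8_t)(frag_off >> 16);  hs[7] = (uint8_t)(frag_off >> 8);  hs[8] = (uint8_t)frag_off;
    hs[9] = (uint8_t)(frag_len >> 16);  hs[10] = (uint8_t)(frag_len >> 8); hs[11] = (uint8_t)frag_len;
    return n;
}

/* Build a constructed datagram and classify it in one step. */
enum hello_status classify_constructed(uint8_t ctype, uint32_t total_len,
                                       uint32_t frag_off, uint32_t frag_len)
{
    uint8_t buf[1500];
    size_t n = build_record(buf, sizeof buf, ctype, total_len, frag_off, frag_len);
    return classify_client_hello(buf, n, NULL);
}

int main(void)
{
    printf("complete hello : %d\n", classify_constructed(CT_HANDSHAKE, 40, 0, 40));
    printf("first fragment : %d\n", classify_constructed(CT_HANDSHAKE, 1200, 0, 600));
    printf("second fragment: %d\n", classify_constructed(CT_HANDSHAKE, 1200, 600, 600));
    return 0;
}
```

A server that logs HELLO_FRAGMENT at this point can tell a stalled DTLSv1_listen() loop apart from an actual network problem, and the message length field shows how far the ClientHello exceeds the path MTU the client assumed.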