[openssl-users] DTLS server records repeated

Michael Richardson mcr at sandelman.ca
Wed Feb 21 21:38:18 UTC 2018 

I'm capturing from my DTLS client and server, with CoAP running on top.
I've been debugging some ruby-level I/O buffering issues.
I noticed this while capturing, and used tshark to get this print out.
(I've added columns for port numbers)

  2  66.009171          ::2 35345 ::2          5684 DTLSv1.0 263 Client Hello
  3  66.009494          ::2 5684 ::2          35345 DTLSv1.0 122 Hello Verify Request
  4  66.009798          ::2 35345 ::2          5684 DTLSv1.0 295 Client Hello
  5  66.011771          ::2 5684 ::2          35345 DTLSv1.2 810 Server Hello, Certificate, Server Key Exchange[Malformed Packet]

The Hello/Verify/Hello makes complete sense.
tshark claims there is a malformed packet, but it seems to be the opinion
of wireshark/tshark 1.12.1, as 2.2.6 (on my desktop vs laptop)
has no problem with the packet.

But, why are the Server Hello, Certificate and ServerKeyExchange then
repeated in another three packets?  The sequence numbers in the DTLS header
seem to increment as well.  It's like some PMTU detector is getting confused
and trying to send again.

  6  67.037421          ::2 5684 ::2          35345 DTLSv1.2 148 Server Hello
  7  67.037453          ::2 5684 ::2          35345 DTLSv1.2 562 Certificate
  8  67.037468          ::2 5684 ::2          35345 DTLSv1.2 199 Server Key Exchange[Malformed Packet]

And then things proceed, apparently just fine.

  9  67.037482          ::2 5684 ::2          35345 DTLSv1.2 87 Server Hello Done

 10  67.037518          ::2 35345 ::2          5684 DTLSv1.0 295 Client Hello
 11  67.041860          ::2 35345 ::2          5684 DTLSv1.2 195 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
 12  67.044257          ::2 5684 ::2          35345 DTLSv1.2 328 New Session Ticket, Change Cipher Spec, Encrypted Handshake Message
 13  67.044909          ::2 35345 ::2          5684 DTLSv1.2 135 Application Data
 14  67.056746          ::2 5684 ::2          35345 DTLSv1.2 111 Application Data

http://junk.sandelman.ca/junk/dtls1.pcap if you want to see more details.


--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr at sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180221/786c630d/attachment.sig>

More information about the openssl-users mailing list