[openssl-users] DTLS-over-UDP client example

aleksandr.derevianko at btsignal.ru aleksandr.derevianko at btsignal.ru
Thu Sep 13 13:43:17 UTC 2018

Hello !

I'm completely new to openssl, but really need to implement simple application which will use DTLS over UDP.

Unfortunelly, it seems that all examples which I can find, correctly implement DTLS server, but not implement DTLS client side.

For example, this one:


implement both client and server, but all connection from client to server have no encoding:
SSL_CIPHER_get_name(SSL_get_current_cipher(ssl)) returns "NULL-SHA256";
It's because client side sets SSL_CTX_set_cipher_list(ctx, "eNULL:!MD5");

If I try to connect to the dtls_udp_echo application in server mode using openssl s_client, it connects successfully and with encoding enabled ("AES256-SHA").

If I change client side SSL_CTX_set_cipher_list to "ALL", or "AES256:SHA" - SSL_connect() on client hangs forever.

I think, the reason is that server side require cookie exchange, and clients side doesn't implement it.
At least, if I connect using openssl s_client, on server side both verify_cookie and generate_cookie was called.
If I use example client, only generate_cookie was called.
Client just hangs forever, sending packets to server every few seconds until timeout expired (~8 minutes) and return

    SSL_connect: Resource temporarily unavailable
    error:1413C138:SSL routines:dtls1_check_timeout_num:read timeout expired

It seems for me that for DTLS connection, SSL_connect() doesn't implement cookies exchange.

I tryed to dig inside openssl s_client source code, but it's really too complex for me, it seems like s_client doesn't use
SSL_connect, instead, using more low-level functions.

So, does anybody have any simple client-side implementation of DTLS over UDP connection?

Александр Деревянко/Aleksander Derevianko
Нач. отдела новых аппаратно-программных средств
Бомбардье Транспортейшн (Сигнал)/Bombardier Transportation (Signal) Ltd.
T:   +74959255370 Доб. 265
M: +79859229755

More information about the openssl-users mailing list