Resetting DTLS server

Michael Richardson mcr at sandelman.ca
Tue Nov 12 07:53:27 UTC 2019



On 2019-11-12 7:38 a.m., Patrick Herbst wrote:
> If I set up a DTLS server, the client can connect once and send
> messages fine.  But if the client restarts and tries to send data, the
> server hangs on SSL_read.

How are you handling the sockets on the server?
If you are creating a new 5-tuple [bind/connect] socket on the server
for each client, and the client then reuses its socket, then it's
trying to speak to the old instance on the server.

> I'm assuming the server does not like a clienthello message when it is
> expecting application data.
>
> How can the server be made to recover and re-handshake with the
> restarted client?

Close the UDP socket on the client and open a new one to get a new
source port.
Does that work?  I'm not terribly happy with this solution, but it does
match what TCP would do.
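An added illustration of the socket-handling point in the reply above (this is example code written for this page, not code from the thread, from OpenSSL, or from either poster): a Python model of a server that keeps one session per client (ip, port) pair, as a server that bind()/connect()s a fresh UDP socket per client would. It shows why a restarted client that reuses its old source port has its ClientHello land on the stale established session (the SSL_read "hang"), and why the same client on a new ephemeral port gets a clean handshake. The model uses the real DTLS record content-type values (22 handshake, 23 application data) but reduces the handshake to one ClientHello/ServerHello pair; the class names, the `stale_hellos` counter and the 192.0.2.x addresses are all constructed for the example.

```python
from dataclasses import dataclass, field

# DTLS record-layer content types (RFC 6347 / RFC 5246); everything else here
# is a deliberately simplified model, not OpenSSL behaviour byte for byte.
HANDSHAKE = 22
APPLICATION_DATA = 23
CLIENT_HELLO = 1  # HandshakeType value for ClientHello


@dataclass
class Session:
    """State the server keeps for one connected per-client UDP socket."""
    peer: tuple
    established: bool = False
    received: list = field(default_factory=list)
    stale_hellos: int = 0  # ClientHellos that arrived after establishment


class DtlsServerModel:
    """Demultiplexes datagrams by (client_ip, client_port), one Session each,
    mirroring a server that bind()/connect()s a fresh socket per client."""

    def __init__(self):
        self.sessions = {}

    def receive(self, peer, datagram):
        content_type, body = datagram[0], datagram[1:]
        session = self.sessions.get(peer)
        if session is None:
            # Unknown 5-tuple: only a ClientHello can start a session.
            if content_type == HANDSHAKE and body[:1] == bytes([CLIENT_HELLO]):
                self.sessions[peer] = Session(peer, established=True)
                return "server_hello"
            return None
        if content_type == APPLICATION_DATA:
            session.received.append(body)
            return "ack"
        if content_type == HANDSHAKE and body[:1] == bytes([CLIENT_HELLO]):
            # An established session sitting in SSL_read() is waiting for
            # application data; a fresh ClientHello is not consumed and the
            # restarted client never gets a ServerHello. Count it so an
            # operator can log "client restarted behind an existing session".
            session.stale_hellos += 1
            return None
        return None


class ClientModel:
    def __init__(self, ip, port):
        self.peer = (ip, port)

    def client_hello(self):
        return bytes([HANDSHAKE, CLIENT_HELLO]) + b"hello"

    def app_data(self, payload):
        return bytes([APPLICATION_DATA]) + payload


def run_scenario(reuse_port):
    """First client connects and sends data, then 'restarts'. Returns the
    server's reply to the restarted client's hello, its reply to that client's
    data (sent only if the handshake succeeded), and the number of stale
    hellos seen on the original session."""
    server = DtlsServerModel()
    first = ClientModel("192.0.2.10", 40000)  # constructed address/port
    assert server.receive(first.peer, first.client_hello()) == "server_hello"
    assert server.receive(first.peer, first.app_data(b"msg-1")) == "ack"

    # Restarted process: same source port if the client re-bound it (or the
    # OS handed it back), a new ephemeral port after close()+new socket.
    restarted = ClientModel("192.0.2.10", 40000 if reuse_port else 40001)
    hello_reply = server.receive(restarted.peer, restarted.client_hello())
    data_reply = None
    if hello_reply == "server_hello":
        data_reply = server.receive(restarted.peer, restarted.app_data(b"msg-2"))
    return hello_reply, data_reply, server.sessions[first.peer].stale_hellos


if __name__ == "__main__":
    print("same port:", run_scenario(reuse_port=True))   # (None, None, 1)
    print("new port :", run_scenario(reuse_port=False))  # ('server_hello', 'ack', 0)
```

The `stale_hellos` counter is the operationally useful part: a handshake record arriving on a peer key the server already considers established is a reliable signal that the client restarted, and logging it makes the "hangs on SSL_read" symptom visible on the server side instead of only at the client.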

