Resetting DTLS server

Patrick Herbst paherbst at
Tue Nov 12 14:30:39 UTC 2019

On Tue, Nov 12, 2019 at 9:07 AM Michael Richardson <mcr at> wrote:
> so you are showing me your server code, correct, and this is for DTLS,
> right?
> Do you call DTLSv1_accept()?

Yes, DTLS.  There is no DTLSv1_accept.  SSL_accept should work because
it is based on 'method' and underlying BIO.  I left some steps out of
my example code (i was just hand typing it one the fly, not

> You don't seem to be creating a new socket anywhere, or calling
> connect() on this socket.
> I'm not sure I understand your comment above about connect would not be
> a difference.
> If your DGRAM socket is not connected, how can you send packets back?
> It would be nice
> if DTLS code would store the origin of every packet and demux it into
> multiple SSL*, but it doesn't work that way.

I'm not creating a new socket because it is UDP, and i'm assuming only
one client.  If you use a BIO_new_dgram, then you dont need to
"connect" the UDP socket, the dgram BIO will keep track of the
client's addr.  So because of this behavior, "connect" doesn't change
anything.  I have called "connect" on the sockets in other tests, but
it gives the exact same result.

SSL_accept waits for a 'clienthello', which the underlying dgram BIO
will store the client's addr, so that when SSL_accept writes the
response via the BIO, it'll get sent to the proper address.  My tests
show this working just fine the first time the client connects; the
server handshakes and can read messages.

Even if i were the "connect" the socket to the clients addr, the
client comes up with the same addr/port combination, so the server's
"connected" UDP socket will continue reading mesgs from the client.
BUT it'll get stuck in SSL_read when the client restarts because
SSL_read is not expecting a "clienthello", and the library continues
to try to read more packets.

Here is a more correct version of the code

s=socket(AF_INET, SOCK_DGRAM, 0);
bind(s, &serverAddr, sizeof(serverAddr));
bio=BIO_new_dgram(s, BIO_NOCLOSE);
SSL_set_bio(ssl, bio, bio);
// at this point the client is authenticated and handshake is
complete.  ssl's underlying BIO has the clients addr.
while (1) {
  FD_SET(s, &fds);
  select(FD_SETSIZE, fds, NULL, NULL, NULL);
  if (FD_ISSET(s)) {
    n=SSL_read(ssl, buffer, sizeof(buffer));
    if (n>0) {
      printf("rx: %s\n", buffer);
    } else {
      printf("bad things\n");

> > am i missing something? is this worth fixing in the library?  is this
> > intended behavior?

More information about the openssl-users mailing list