Surprising behaviour of DTLSv1_listen
Detlef Vollmann
dv at vollmann.ch
Thu Aug 20 19:28:49 UTC 2020
Hello,
if I do:
    // ctx is set up with certificate, key and cookie callbacks
    BIO *bio = BIO_new_dgram(sock, BIO_NOCLOSE);
    SSL *ssl = SSL_new(ctx);
    SSL_set_bio(ssl, bio, bio);  // bio is a raw BIO * here, so no .get()
    DTLS_set_link_mtu(ssl, 1000);
    SSL_set_options(ssl, SSL_OP_COOKIE_EXCHANGE);
    SSL_set_accept_state(ssl);
    SSL_accept(ssl);
then the MTU setting works as expected, i.e. the ServerHello
is split into two DTLS handshake fragments.
But if I do:
    BIO *bio = BIO_new_dgram(sock, BIO_NOCLOSE);
    SSL *ssl = SSL_new(ctx);
    SSL_set_bio(ssl, bio, bio);  // bio is a raw BIO * here, so no .get()
    DTLS_set_link_mtu(ssl, 1000);
    SSL_set_options(ssl, SSL_OP_COOKIE_EXCHANGE);
    SSL_set_accept_state(ssl);
    // addr is not declared in the post; assumed to be a smart pointer owning a BIO_ADDR
    DTLSv1_listen(ssl, addr.get());
    SSL_accept(ssl);
then the ServerHello is sent as a single packet (>1500 bytes).
I think the reason is that DTLSv1_listen() internally
calls SSL_clear().
I find this pretty surprising.
I personally don't really care too much, as I'll do my
own cookie handshake without DTLSv1_listen() before I
call SSL_accept(), but I thought I'd report it anyway.
Detlef
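One way to tell from captured server datagrams which of the two behaviours described in the post occurred (an added example, not part of the original post and not OpenSSL code): it parses the DTLS record and handshake headers of each UDP payload and reports datagrams larger than the link MTU allows and handshake messages that were fragmented. The function names, the 28-byte IPv4/UDP overhead and the zero-filled sample flights are assumptions constructed for illustration.

```python
import struct

IP_UDP_OVERHEAD = 28  # IPv4 header without options (20) + UDP header (8); assumes IPv4
HANDSHAKE = 22        # DTLS record content type "handshake"

def handshake_fragments(datagram):
    """Yield (msg_type, msg_len, frag_off, frag_len) for each cleartext
    (epoch 0) handshake fragment carried in one UDP payload."""
    pos = 0
    while pos < len(datagram):
        if pos + 13 > len(datagram):
            raise ValueError("truncated DTLS record header")
        ctype, _ver, epoch, _s_hi, _s_lo, rec_len = struct.unpack_from("!BHHHIH", datagram, pos)
        body = datagram[pos + 13:pos + 13 + rec_len]
        if len(body) != rec_len:
            raise ValueError("truncated DTLS record body")
        pos += 13 + rec_len
        if ctype != HANDSHAKE or epoch != 0:
            continue  # encrypted or non-handshake record: nothing to parse
        off = 0
        while off + 12 <= len(body):  # 12-byte DTLS handshake header
            msg_type = body[off]
            msg_len = int.from_bytes(body[off + 1:off + 4], "big")
            frag_off = int.from_bytes(body[off + 6:off + 9], "big")
            frag_len = int.from_bytes(body[off + 9:off + 12], "big")
            yield msg_type, msg_len, frag_off, frag_len
            off += 12 + frag_len

def check_flight(datagrams, link_mtu):
    """Return (indexes of datagrams too big for link_mtu, types of fragmented messages)."""
    limit = link_mtu - IP_UDP_OVERHEAD
    oversized = [i for i, d in enumerate(datagrams) if len(d) > limit]
    fragmented = sorted({t for d in datagrams
                         for t, mlen, _o, flen in handshake_fragments(d) if flen < mlen})
    return oversized, fragmented

def _frag(rec_seq, msg_type, msg_len, msg_seq, frag_off, frag_len):
    """Build one constructed handshake record holding a single zero-filled fragment."""
    hs = (bytes([msg_type]) + msg_len.to_bytes(3, "big") + struct.pack("!H", msg_seq)
          + frag_off.to_bytes(3, "big") + frag_len.to_bytes(3, "big") + bytes(frag_len))
    return struct.pack("!BHHHIH", HANDSHAKE, 0xFEFD, 0, 0, rec_seq, len(hs)) + hs

# Constructed sample flights (not captures): ServerHello (type 2) + Certificate (type 11).
SPLIT = [_frag(1, 2, 80, 1, 0, 80) + _frag(2, 11, 1600, 2, 0, 800),
         _frag(3, 11, 1600, 2, 800, 800)]
SINGLE = [_frag(1, 2, 80, 1, 0, 80) + _frag(2, 11, 1600, 2, 0, 1600)]

if __name__ == "__main__":
    for name, flight in (("split", SPLIT), ("single", SINGLE)):
        print(name, check_flight(flight, link_mtu=1000))
```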