Slow DTLS handshake in case of packet loss

Seller Steam nojztrade at gmail.com
Mon Mar 30 07:04:50 UTC 2020


Hi,

I implemented a DTLS server using OpenSSL. (I have a UDP socket and I am
using a memory BIO to communicate with OpenSSL.)
However, if there is packet loss, the DTLS handshake can take 1-2 seconds,
which is a lot in my case.

The normal flow when there is no packet loss: (few milliseconds)
Client Hello          ------------------------->
                      <-------------------------  Server Hello
Rest of the handshake ------------------------->
                      <-------------------------  Rest of the handshake

The flow I am experiencing: (few seconds)
Client Hello          ------------------------->
                      <---------(lost)----------  Server Hello
Client Hello          ------------------------->
Client Hello          ------------------------->
Client Hello          ------------------------->
                      <-------------------------  Server Hello
Rest of the handshake ------------------------->
                      <-------------------------  Rest of the handshake

I can easily reproduce it even in a local environment by directly dropping
the first Server Hello.

I am curious why the server does not respond to several upcoming
Client Hellos.
If it answered, the handshake could complete well below 1 second, but
this way it takes up 1-2 seconds, when it finally answers again for later
Client Hellos.

How could I make the DTLS handshake complete faster? (By enabling an answer
to all Client Hellos, for example; is there a way?)

Thanks in advance and best regards,
nojz