Passing the same data to SSL_do_handshake multiple times

Michal Sledz michal.sledz at swmansion.com
Fri Feb 26 13:20:07 UTC 2021


Hi,
I am trying to perform a DTLS handshake with web browsers. At the moment
connecting with Firefox works well, but I have a small problem with Google
Chrome.

The flow is as follows.
Chrome sends ClientHello.
My server receives ClientHello and passes it to SSL_do_handshake.
SSL_do_handshake generates ServerHello.
I try to send ServerHello, but because I use ICE my connection is not ready
to send yet and the process fails.
Chrome doesn't see a response to its ClientHello, so it retransmits
ClientHello.
My server receives the retransmitted ClientHello and passes it to
SSL_do_handshake.
In the meantime, ICE is ready to send messages to Chrome.
SSL_do_handshake receives the retransmitted ClientHello, but this time it
doesn't generate ServerHello.
This situation keeps repeating, and finally, after passing ClientHello for
the 3rd or 4th time, SSL_do_handshake generates ServerHello once again, which
I can now send to Chrome.

My question is: should I cache the ServerHello generated the first time and
then, after receiving a retransmission of ClientHello, just send the
cached ServerHello, or should I pass the retransmitted ClientHello to
SSL_do_handshake (as I am doing now) and hope it will generate
ServerHello once again? Is it expected behaviour that SSL_do_handshake,
after receiving exactly the same ClientHello, doesn't generate ServerHello
once again?

Best regards,
Michał
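An added illustration of the flow described in this post (not code from the post, and not OpenSSL's logic): it parses the DTLS record and handshake headers (RFC 6347 layout) so a retransmitted ClientHello can be recognised by its (epoch, message_seq) and identical body, buffers the reply flight until the transport (ICE) is ready, and counts how often the handshake engine was driven. The engine is a toy stand-in for SSL_do_handshake and the hello bodies are constructed placeholders, not real handshake contents.

```python
import struct
HANDSHAKE, CLIENT_HELLO, SERVER_HELLO = 22, 1, 2   # record ContentType / HandshakeType values
RECORD_HDR = struct.Struct("!BHH6sH")              # type, version, epoch, 48-bit seq, length

def parse_handshake(datagram):
    """Return (epoch, message_seq, msg_type, fragment body) of one DTLS handshake record."""
    ctype, _ver, epoch, _seq, length = RECORD_HDR.unpack_from(datagram, 0)
    if ctype != HANDSHAKE:
        raise ValueError("not a handshake record")
    frag = datagram[RECORD_HDR.size:RECORD_HDR.size + length]
    message_seq, frag_len = int.from_bytes(frag[4:6], "big"), int.from_bytes(frag[9:12], "big")
    return epoch, message_seq, frag[0], frag[12:12 + frag_len]

def build_handshake(msg_type, message_seq, body, epoch=0, rec_seq=0):
    """Wrap body in an unfragmented DTLS 1.2 handshake header plus record header."""
    hs = (bytes([msg_type]) + len(body).to_bytes(3, "big") + message_seq.to_bytes(2, "big")
          + bytes(3) + len(body).to_bytes(3, "big") + body)   # fragment_offset 0, fragment_length
    return RECORD_HDR.pack(HANDSHAKE, 0xFEFD, epoch, rec_seq.to_bytes(6, "big"), len(hs)) + hs

def toy_engine(msg_type, body):
    """Stand-in for SSL_do_handshake: a ClientHello yields one ServerHello flight, else None."""
    if msg_type == CLIENT_HELLO:
        return build_handshake(SERVER_HELLO, 0, b"constructed-server-hello")

class FlightQueue:
    """Buffers outgoing flights until ICE is usable; resends the cached reply on retransmits."""
    def __init__(self, engine=toy_engine):
        self.engine, self.engine_calls = engine, 0
        self.ready, self.pending, self.sent = False, [], []
        self.seen = {}                                  # (epoch, message_seq) -> (body, reply)

    def on_datagram(self, datagram):
        epoch, mseq, msg_type, body = parse_handshake(datagram)
        key = (epoch, mseq)
        if key in self.seen and self.seen[key][0] == body:   # identical message received again
            self._queue(self.seen[key][1])                    # resend our flight, don't re-drive engine
            return "retransmit"
        self.engine_calls += 1
        reply = self.engine(msg_type, body)
        self.seen[key] = (body, reply)
        self._queue(reply)
        return "new"
    def _queue(self, datagram):
        if datagram is not None:
            (self.sent if self.ready else self.pending).append(datagram)

    def transport_ready(self):                          # ICE finished: flush the backlog
        self.ready = True
        self.sent.extend(self.pending)
        self.pending.clear()
```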