DTLS server in OpenSSL 0.9.8

Tomas Mraz tomas at openssl.org
Fri May 19 07:22:54 UTC 2023


As far as I remember the DTLS support in 0.9.8 is full of bugs and I
would not recommend using it at all.

That version has also been unsupported for a long time and is full of
security issues of various severity unless you use some vendor package
which has backported security patches.

Tomas Mraz, OpenSSL

On Thu, 2023-05-18 at 14:27 -0500, ed sandberg wrote:
> I am unable to get openssl 0.9.8 to work with dtls. I am able to start a
> server with 1.1.1b like this:
> 
> ./openssl-1.1.1b/apps/openssl s_server -key ./rsa2048_key.pem -cert ./rsa2048_cert.pem -CAfile ./rsa2048_cert.pem -accept 30005 -dtls1 -timeout -mtu 5000
> 
> It works as I expect it to. Both netstat and nmap show the port is bound
> and listening and the server responds to clients.
> 
> If I start the server the same way with 0.9.8 (I tried versions k and za):
> 
> $ ./openssl-0.9.8za/apps/openssl s_server -key ./rsa2048_key.pem -cert ./rsa2048_cert.pem -CAfile ./rsa2048_cert.pem -accept 30005 -dtls1 -timeout -mtu 5000
> 
> I get no error, the command continues to run as though it were waiting
> for connections but it is not actually listening. Nmap reports the port
> is closed and netstat does not list the port as bound:
> 
> $ netstat -n --udp --listen
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address           Foreign Address State
> udp        0      0 0.0.0.0:5353            0.0.0.0:*
> udp        0      0 127.0.0.53:53           0.0.0.0:*
> udp        0      0 0.0.0.0:41130           0.0.0.0:*
> udp        0      0 0.0.0.0:631             0.0.0.0:*
> udp6       0      0 :::5353                 :::*
> udp6       0      0 :::58796                :::*
> udp6       0      0 :::6666                 :::*
> 
> $ sudo nmap -sU -p30005 127.0.0.1
> Starting Nmap 7.80 ( https://nmap.org ) at 2023-05-18 14:07 CDT
> Nmap scan report for localhost (127.0.0.1)
> Host is up (0.000036s latency).
> 
> PORT      STATE  SERVICE
> 30005/udp closed unknown
> 
> Is my command incorrect for v0.9.8? If so can someone please provide a
> correct example?
> 
> Thanks!
> 

-- 
Tomáš Mráz, OpenSSL



More information about the openssl-users mailing list