DTLS server in OpenSSL 0.9.8
ed sandberg
ed.sandberg at galois.com
Fri May 19 13:10:16 UTC 2023
Thanks Tomas,
I am aware of the bugs and security issues. I am not trying to use it in
production.
I need it to function for some testing.
On 5/19/23 02:22, Tomas Mraz wrote:
> As far as I remember the DTLS support in 0.9.8 is full of bugs and I
> would not recommend using it at all.
>
> That version has also been unsupported for a long time and is full of security
> issues of various severity, unless you use some vendor package which has
> backported security patches.
>
> Tomas Mraz, OpenSSL
>
> On Thu, 2023-05-18 at 14:27 -0500, ed sandberg wrote:
>> I am unable to get openssl 0.9.8 to work with dtls. I am able to start a
>> server with 1.1.1b like this:
>>
>> ./openssl-1.1.1b/apps/openssl s_server -key ./rsa2048_key.pem -cert ./rsa2048_cert.pem -CAfile ./rsa2048_cert.pem -accept 30005 -dtls1 -timeout -mtu 5000
>>
>> it works as I expect it to. Both netstat and nmap show the port is bound
>> and listening and the server responds to clients.
>>
>> If I start the server the same way with 0.9.8 (I tried versions k and za):
>>
>> $ ./openssl-0.9.8za/apps/openssl s_server -key ./rsa2048_key.pem -cert ./rsa2048_cert.pem -CAfile ./rsa2048_cert.pem -accept 30005 -dtls1 -timeout -mtu 5000
>>
>> I get no error, the command continues to run as though it were waiting
>> for connections but it is not actually listening. Nmap reports the port
>> is closed and netstat does not list the port as bound:
>>
>> $ netstat -n --udp --listen
>> Active Internet connections (only servers)
>> Proto Recv-Q Send-Q Local Address Foreign Address State
>> udp 0 0 0.0.0.0:5353 0.0.0.0:*
>> udp 0 0 127.0.0.53:53 0.0.0.0:*
>> udp 0 0 0.0.0.0:41130 0.0.0.0:*
>> udp 0 0 0.0.0.0:631 0.0.0.0:*
>> udp6 0 0 :::5353 :::*
>> udp6 0 0 :::58796 :::*
>> udp6 0 0 :::6666 :::*
>>
>> $ sudo nmap -sU -p30005 127.0.0.1
>> Starting Nmap 7.80 ( https://nmap.org ) at 2023-05-18 14:07 CDT
>> Nmap scan report for localhost (127.0.0.1)
>> Host is up (0.000036s latency).
>>
>> PORT STATE SERVICE
>> 30005/udp closed unknown
>>
>> Is my command incorrect for v0.9.8? If so can someone please provide a
>> correct example?
>>
>> Thanks!
>>
>
--
Edward Sandberg
Galois, Inc