<div dir="ltr"><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><pre style="white-space:pre-wrap;color:rgb(0,0,0)">Hello !
I'm completely new to openssl, but I really need to implement a simple application which will use DTLS over UDP.
Unfortunately, it seems that all examples which I can find, correctly implement DTLS server, but not implement DTLS client side.</pre><pre style="white-space:pre-wrap;color:rgb(0,0,0)">After going through various blogs and OpenSSL documentation, I wrote</pre><pre style="white-space:pre-wrap;color:rgb(0,0,0)"><b>/*Client code*/</b></pre><pre style="white-space:pre-wrap;color:rgb(0,0,0)"> const char* const PREFERRED_CIPHERS = "HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4:ADH-AES128-SHA:ADH-AES128-SHA256:ADH-AES256-SHA256:ECDHE-RSA-AES256-GCM-SHA384:@SECLEVEL=0";<br> const char *cipher_name;<br> int priority = 0;<br> STACK_OF(SSL_CIPHER) *cipher_n;<br><br> ctx = SSL_CTX_new(DTLS_client_method());<br> if (!ctx)<br> {<br> printf("Unable to create SSL context");<br> return E_FAILURE;<br> }<br> SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1_3 | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1);<br><br> SSL_CTX_set_min_proto_version(ctx, DTLS_MIN_VERSION);<br> SSL_CTX_set_max_proto_version(ctx, DTLS_MAX_VERSION);<br> SSL_CTX_set_security_level(ctx, 0);<br> SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);<br> SSL_CTX_set_verify_depth (ctx, 1);<br> SSL_CTX_set_read_ahead(ctx, 1);<br><br> if (!SSL_CTX_use_certificate_file(ctx, <"Path to clientcert.pem">, SSL_FILETYPE_PEM))<br> {<br> printf("\nERROR: no certificate found!");<br> return E_FAILURE;<br> }<br> if (!SSL_CTX_use_PrivateKey_file(ctx, <"Path to clientkey.key">, SSL_FILETYPE_PEM))<br> {<br> printf("\nERROR: no private key found!");<br> return E_FAILURE;<br> }<br> if (!SSL_CTX_check_private_key (ctx))<br> {<br> printf("\nERROR: invalid private key!");<br> return E_FAILURE;<br> }<br><br> cipher_n = SSL_CTX_get_ciphers(ctx);<br> printf("%s\n", cipher_n);<br><br> iRet = SSL_CTX_set_cipher_list(ctx, PREFERRED_CIPHERS);<br> if(!(1 == iRet))<br> {<br> printf("\nERROR: SSL_set_cipher_list!");<br> }<br><br> ssl = SSL_new(ctx);<br> if (NULL == ssl)<br> {<br> fprintf(stderr, "SSL_new() failed\n");<br> return E_FAILURE;<br> }<br> SSL_set_connect_state(ssl);<br><br> while ((cipher_name = SSL_get_cipher_list(ssl, priority++)))<br> printf("%s\n", cipher_name);<br> printf("\n");<br><br> iRet = SSL_set_cipher_list(ssl, PREFERRED_CIPHERS);<br> if(!(1 == iRet))<br> {<br> printf("\nERROR: SSL_set_cipher_list!");<br> }<br> printf("\nSSL connection on socket %d,Version: %s, Cipher: %s", fd, SSL_get_version(ssl), SSL_get_cipher(ssl));<br><br> SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);<br> SSL_set_fd(ssl, fd);<br><br> bio = BIO_new_dgram(fd, BIO_NOCLOSE);<br> SSL_set_bio(ssl, bio, bio);<br><br> /* ---------------------------------------------------------- *<br> * Try to SSL-connect here, returns 1 for success *<br> * ---------------------------------------------------------- */<br>RetrySSLConnect:<br> iRet = SSL_connect(ssl);<br> int err = SSL_get_error(ssl, iRet);<br> switch (err)<br> {<br> case SSL_ERROR_NONE:<br> goto SSLConnectSuccess;<br> case SSL_ERROR_WANT_WRITE:<br> case SSL_ERROR_WANT_READ:<br> Sleep(100);<br> goto RetrySSLConnect;<br> case SSL_ERROR_SYSCALL:<br> case SSL_ERROR_WANT_X509_LOOKUP:<br> case SSL_ERROR_ZERO_RETURN:<br> case SSL_ERROR_SSL:<br> {<br> if((err == SSL_ERROR_SSL) || (err == SSL_ERROR_SYSCALL))<br> {<br> char msg[1024];<br> ERR_error_string_n(ERR_get_error(), msg, sizeof(msg));<br> printf("%s,, %s,, %s,, %s\n", msg, ERR_lib_error_string(0), ERR_func_error_string(0), ERR_reason_error_string(0));<br> }<br> }<br> default:<br> printf("\nSSL_connect error:%s %d", ERR_reason_error_string(ERR_get_error()), ERR_get_error());<br> return E_FAILURE;<br> }</pre><pre style="white-space:pre-wrap;color:rgb(0,0,0)">Server I am running on same machine with below command</pre><div><b>C:\Program Files\OpenSSL-Win32\bin></b>openssl s_server -accept 9902 -cert server.pem -key serverkey.key -dtls -debug<br></div><div><br></div><div>When I execute my client I get below <b>Output/error</b></div><div><<br>TLS_AES_256_GCM_SHA384<br>TLS_CHACHA20_POLY1305_SHA256<br>TLS_AES_128_GCM_SHA256<br>AES128-SHA<br><br>SSL connection on socket 8872,Version: DTLSv1.2, <b>Cipher: (NONE)error:141E70BF:SSL routines:tls_construct_client_hello:no protocols available</b>,, (null),, (null),, (null)<br></div><div><br></div><div>I already searched a lot, tried different codes but nothing worked.</div><div><br></div><div>Can someone please help me???<font color="#888888"><br></font></div><font color="#888888"><div><br></div>--<br><div dir="ltr">SN</div></font></div></div>