Hi,

While writing a DTLS server using DTLSv1_listen(), I found that when I receive a fragmented ClientHello from the client, the DTLS handshake fails. DTLSv1_listen() gets stuck in the while loop (in the app). When I checked the man page of DTLSv1_listen(), it clearly says that the API does not handle a fragmented ClientHello, as it operates entirely statelessly (a safeguard against DoS attacks?).

However, the DTLS RFC clearly states that an implementation must handle fragmented handshake messages. RFC 4347, Datagram Transport Layer Security: "When a DTLS implementation receives a handshake message fragment, it MUST buffer it until it has the entire handshake message."

Is avoiding the fragmented ClientHello the only way out of this problem, or do any other alternatives exist?

Regards,
Vijay
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
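The following is an added example, not part of the post above and not OpenSSL code: it shows what a fragmented DTLS ClientHello looks like on the wire (RFC 4347 record and handshake headers), the check a fully stateless listener in the style the post describes can apply (the fragment must be the entire message), and the stateful buffering the quoted RFC text requires. The ClientHello bytes, client random, cipher-suite list, and fragment size are all constructed for the example; the reassembler is a generic illustration of the RFC requirement and does not claim to mirror OpenSSL's implementation.

```python
import struct

# DTLS 1.0 record-layer / ClientHello version (RFC 4347).
DTLS_1_0 = 0xFEFF
CONTENT_HANDSHAKE = 22
HS_CLIENT_HELLO = 1

# Record header: type(1) version(2) epoch(2)+seq(6) packed as one 64-bit field, length(2) = 13 bytes.
RECORD_HDR = struct.Struct("!BHQH")
# Handshake header: msg_type(1) length(3) message_seq(2) fragment_offset(3) fragment_length(3) = 12 bytes.
HS_HDR_LEN = 12


def build_client_hello_body(client_random, cipher_suites):
    """Minimal ClientHello body (constructed for this example): no session id,
    empty cookie (first flight), the given cipher suites, null compression, no extensions."""
    assert len(client_random) == 32
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    return (struct.pack("!H", DTLS_1_0) + client_random
            + b"\x00"                                   # session_id length
            + b"\x00"                                   # cookie length
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                              # compression_methods: [null]


def build_handshake_fragment(msg_type, message_seq, total_len, offset, frag):
    """One DTLS handshake fragment carrying `frag` at `offset` of a `total_len`-byte message."""
    return (bytes([msg_type]) + total_len.to_bytes(3, "big")
            + struct.pack("!H", message_seq)
            + offset.to_bytes(3, "big") + len(frag).to_bytes(3, "big") + frag)


def build_record(payload, epoch=0, seq=0):
    """Wrap a handshake fragment in a plaintext DTLS record (one datagram)."""
    return RECORD_HDR.pack(CONTENT_HANDSHAKE, DTLS_1_0, (epoch << 48) | seq, len(payload)) + payload


def parse_record(datagram):
    if len(datagram) < RECORD_HDR.size:
        raise ValueError("short record")
    ctype, version, epoch_seq, length = RECORD_HDR.unpack_from(datagram)
    body = datagram[RECORD_HDR.size:RECORD_HDR.size + length]
    if len(body) != length:
        raise ValueError("truncated record")
    return {"type": ctype, "version": version, "epoch": epoch_seq >> 48,
            "seq": epoch_seq & ((1 << 48) - 1), "payload": body}


def parse_handshake_fragment(payload):
    if len(payload) < HS_HDR_LEN:
        raise ValueError("short handshake header")
    msg_type = payload[0]
    total_len = int.from_bytes(payload[1:4], "big")
    message_seq = struct.unpack_from("!H", payload, 4)[0]
    offset = int.from_bytes(payload[6:9], "big")
    frag_len = int.from_bytes(payload[9:12], "big")
    frag = payload[HS_HDR_LEN:HS_HDR_LEN + frag_len]
    if len(frag) != frag_len or offset + frag_len > total_len:
        raise ValueError("bad fragment bounds")
    return {"msg_type": msg_type, "length": total_len, "message_seq": message_seq,
            "offset": offset, "fragment": frag}


def is_whole_message(hs):
    """The only check a fully stateless listener can make: this fragment is the entire message."""
    return hs["offset"] == 0 and len(hs["fragment"]) == hs["length"]


class HandshakeReassembler:
    """Stateful path the RFC text requires: buffer fragments until the message is complete."""
    def __init__(self):
        self._pending = {}  # message_seq -> {type, length, buf, have}

    def add(self, hs):
        """Return (msg_type, message_bytes) once every byte has arrived (any order), else None."""
        e = self._pending.get(hs["message_seq"])
        if e is None:
            e = {"type": hs["msg_type"], "length": hs["length"],
                 "buf": bytearray(hs["length"]), "have": bytearray(hs["length"])}
            self._pending[hs["message_seq"]] = e
        elif e["type"] != hs["msg_type"] or e["length"] != hs["length"]:
            raise ValueError("fragment disagrees with earlier fragments of the same message")
        off, frag = hs["offset"], hs["fragment"]
        e["buf"][off:off + len(frag)] = frag
        e["have"][off:off + len(frag)] = b"\x01" * len(frag)
        if all(e["have"]):
            del self._pending[hs["message_seq"]]
            return e["type"], bytes(e["buf"])
        return None


def demo(max_fragment=30):
    """Split one ClientHello into max_fragment-byte pieces and feed each datagram to both receivers.
    Returns (body, stateless_check_per_datagram, reassembled_message)."""
    body = build_client_hello_body(bytes(range(32)), [0xC02B, 0xC02F, 0x009E])
    pieces = [body[i:i + max_fragment] for i in range(0, len(body), max_fragment)]
    datagrams = [build_record(build_handshake_fragment(HS_CLIENT_HELLO, 0, len(body), i * max_fragment, p), seq=i)
                 for i, p in enumerate(pieces)]
    reasm, stateless, reassembled = HandshakeReassembler(), [], None
    for d in datagrams:
        hs = parse_handshake_fragment(parse_record(d)["payload"])
        stateless.append(is_whole_message(hs))
        reassembled = reasm.add(hs) or reassembled
    return body, stateless, reassembled


if __name__ == "__main__":
    body, stateless, reassembled = demo()
    print("stateless check per datagram:", stateless)
    print("reassembled message complete:", reassembled == (HS_CLIENT_HELLO, body))
```

With the default 30-byte fragment size the 46-byte ClientHello arrives in two datagrams: the stateless check rejects both (neither fragment is the whole message), while the reassembler returns the complete message after the second one. The trade-off the post is asking about is visible here: a server that buffers fragments must keep per-peer state before any cookie exchange has proven the sender's address, which is exactly the exposure a stateless listener avoids; the alternative is to keep the ClientHello (cipher-suite list, extensions) small enough to fit in a single datagram.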