Hi,

While writing a DTLS server using DTLSv1_listen(), I found that when
I receive a fragmented ClientHello from the client, the DTLS handshake fails.
DTLSv1_listen is stuck in the while loop (in the app).
When I checked the man page of DTLSv1_listen(), it clearly says that the API
does not handle a fragmented ClientHello, as it operates entirely
statelessly (a safeguard against DoS attacks?).

However, the DTLS RFC clearly states that an implementation must handle fragmented
handshake messages.

RFC 4347 Datagram Transport Layer Security:
“When a DTLS implementation receives a handshake message fragment, it MUST
buffer it until it has the entire handshake message.”

Is avoiding the fragmented ClientHello the only way out for this problem,
or do any other alternatives exist?

Regards,
Vijay
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

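For readers following the thread, here is an added illustration (not OpenSSL code and not from the poster) of the buffering that the RFC 4347 text quoted above requires: it parses the DTLS handshake fragment header (msg_type, length, message_seq, fragment_offset, fragment_length) and reassembles a ClientHello split across datagrams, which is exactly the per-peer state a purely stateless DTLSv1_listen() cannot keep. The ClientHello body is a constructed sample; the fragment sizes are arbitrary.

```python
HDR_LEN = 12      # msg_type(1) length(3) message_seq(2) frag_offset(3) frag_length(3)
CLIENT_HELLO = 1  # HandshakeType client_hello

def parse_fragment(data):
    """Return (msg_type, total_length, message_seq, frag_offset, body) of one fragment."""
    if len(data) < HDR_LEN:
        raise ValueError("short handshake header")
    msg_type = data[0]
    total, seq, off, frag_len = (int.from_bytes(data[a:b], "big")
                                 for a, b in ((1, 4), (4, 6), (6, 9), (9, 12)))
    body = data[HDR_LEN:HDR_LEN + frag_len]
    if len(body) != frag_len or off + frag_len > total:
        raise ValueError("fragment bounds inconsistent with declared length")
    return msg_type, total, seq, off, body

class HandshakeReassembler:
    """Buffers fragments of one handshake message until bytes [0, length) are all
    present. This buffer is the state a stateless listener does not keep."""
    def __init__(self):
        self.key, self.buf, self.ranges = None, None, []  # key = (type, length, seq)

    def add(self, datagram):
        msg_type, total, seq, off, body = parse_fragment(datagram)
        if self.key is None:
            self.key, self.buf = (msg_type, total, seq), bytearray(total)
        elif self.key != (msg_type, total, seq):
            raise ValueError("fragment belongs to a different handshake message")
        self.buf[off:off + len(body)] = body
        self.ranges.append((off, off + len(body)))
        return self.message()  # full message bytes once complete, else None

    def message(self):
        pos = 0
        for start, end in sorted(self.ranges):
            if start > pos:
                return None  # gap: an earlier fragment is still missing
            pos = max(pos, end)
        return bytes(self.buf) if pos >= self.key[1] else None

def fragment(msg_type, seq, body, max_body):
    """Sender side: split one handshake message into DTLS fragments."""
    out = []
    for off in range(0, len(body), max_body):
        chunk = body[off:off + max_body]
        hdr = (bytes([msg_type]) + len(body).to_bytes(3, "big") + seq.to_bytes(2, "big")
               + off.to_bytes(3, "big") + len(chunk).to_bytes(3, "big"))
        out.append(hdr + chunk)
    return out

SAMPLE_BODY = bytes(range(256)) * 3  # constructed stand-in for a large ClientHello body
```

Feeding only the first fragment to a fresh `HandshakeReassembler` returns `None`, which is the situation the poster describes: nothing can be acted on until the remaining fragments arrive and are matched against the same message_seq.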