Re: Crash in DTLS (version 1.0.1c)

2012-09-21 Thread Michael Tuexen
On Sep 17, 2012, at 3:25 PM, Fredrik Jansson wrote: Hi! I have found a crash in the DTLS code (OpenSSL 1.0.1c), unfortunately I don't have a way of reproducing it. This has happened to one client (of many) in a production environment, so it's not a common problem. The code that

Re: DTLS heartbeats

2013-04-22 Thread Michael Tuexen
On Apr 22, 2013, at 7:11 PM, Tamer Refaei wrote: I guess my confusion was that I expected heartbeats to be automatically/frequently sent by DTLS but it seems they have to be triggered by your application by an SSL_heartbeat function call. Am I right? Correct. Best regards Michael On Fri,

Re: CVE 2014-0160 -- disabling the heartbeat

2014-04-08 Thread Michael Tuexen
On 08 Apr 2014, at 19:19, mclellan, dave dave.mclel...@emc.com wrote: Hi all. There are two mitigations possible for the recently discovered Heartbleed attack. * Upgrade to 1.0.1g, released yesterday with a fix * Recompile a vulnerable release with -DOPENSSL_NO_HEARTBEATS Suppose

Re: DTLS cookies rendered useless by SSL_accept behavior

2011-07-23 Thread Michael Tuexen
On Jul 24, 2011, at 12:40 AM, com...@gmx.ch wrote: Hi, I got some code which uses nonblocking dtls via self fed bios. If an unknown session comes up, I create a new session, feed/drain the sessions bios from/to the wire until SSL_accept returns success. Now, I added DTLS cookies. I

Re: SSL_OP_NO_QUERY_MTU problem in openssl 1.0.0.e

2011-10-20 Thread Michael Tuexen
On Oct 19, 2011, at 11:45 PM, Oleg Moskalenko wrote: Hi I installed the new OpenSSL version and I immediately ran into a problem with DTLS: when the option SSL_OP_NO_QUERY_MTU is set, then the SSL_connect command produces a segmentation fault. Have you tried the first bug fix available

Re: DTLS - cannot make client detect restarted server

2012-01-03 Thread Michael Tuexen
On Jan 3, 2012, at 11:17 AM, Fredrik Jansson wrote: Hi all, I am having some trouble with DTLS. I can easily get into a situation where my server is restarted (or the client's SSL object is removed for other reasons) and the client may not know. Now when the client sends data to the

Re: DTLS Handshake TImer

2012-03-15 Thread Michael Tuexen
On Mar 15, 2012, at 7:39 PM, Erwin Himawan wrote: Hi Folks, Can anybody shed some light where to adjust DTLS flight timer? I think they are hardcoded. An initial value of 1 second and doubling on timeout as specified in http://tools.ietf.org/html/rfc6347#section-4.2.4.1 Best regards Michael

Re: OpenSSL port in FreeBSD: DTLS networking problem (DF bit not set)

2012-06-03 Thread Michael Tuexen
On Jun 3, 2012, at 7:56 PM, Oleg Moskalenko wrote: Hi I am using the OpenSSL library with FreeBSD, primarily the DTLS functionality. Unfortunately, what I discovered, is that the DTLS networking requirements are implemented for Linux only in OpenSSL code. That code is protected by

Mac OS X DR 4

2000-08-03 Thread Michael Tuexen
Dear opensslers, has someone compiled openssl on MacOS X DR 4? Best regards Michael -- e-mail: [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List

Re: the nature of the heartbeat issue (was Re: OpenSSL Security Advisory)

2014-04-12 Thread Michael Tuexen
On 12 Apr 2014, at 17:43, Matthias Apitz g...@unixarea.de wrote: On Wednesday, April 09, 2014 at 01:05:22AM -0700, monloi perez wrote: True. Thanks for the quick reply. On Wednesday, April 9, 2014 3:33 PM, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote:

Re: the nature of the heartbeat issue (was Re: OpenSSL Security Advisory)

2014-04-12 Thread Michael Tuexen
On 12 Apr 2014, at 21:30, Matthias Apitz g...@unixarea.de wrote: On Saturday, April 12, 2014 at 09:08:15PM +0200, Michael Tuexen wrote: What is the exact bug, can someone show a svn/git diff of the first source version having the bug? http://git.openssl.org/gitweb/?p=openssl.git

Re: the nature of the heartbeat issue (was Re: OpenSSL Security Advisory)

2014-04-12 Thread Michael Tuexen
On 12 Apr 2014, at 21:43, Michael Smith m...@smithbowen.net wrote: On Apr 12, 2014, at 3:08 PM, Michael Tuexen michael.tue...@lurchi.franken.de wrote: I have read the rumor. It is wrong. Introduced with intent vs. known to the NSA -- two different things, right? My statement

Re: Possible Issue

2014-04-14 Thread Michael Tuexen
On 14 Apr 2014, at 08:33, Me ugobejishv...@gmail.com wrote: possible vulnerable file: openssl-1.0.1g/ssl/d1_clnt.c Line: 155 unsigned char sctpauthkey[64]; fixed sized arrays can be overflowed. To fix the problem, use functions that limit length, or ensure that the size is larger than the

Re: SSL_MODE_ENABLE_PARTIAL_WRITE does not work in DTLS

2014-08-31 Thread Michael Tuexen
On 31 Aug 2014, at 14:34, Iñaki Baz Castillo i...@aliax.net wrote: It is sad to know that this question will never be replied by the OpenSSL developers. May I know what I should do? I am not sure whether this is a bug or not, should I report it as a bug? If so, how? The OpenSSL homepage

Re: [openssl-users] DTLS for SCTP connections

2017-02-24 Thread Michael Tuexen
> This is the lksctp-tools package for Linux Kernel SCTP (Stream Control > Transmission Protocol) Reference Implementation. > > > > Thanks, > Mahesh G S > > On Wed, Feb 22, 2017 at 8:33 PM, Michael Tuexen > <michael.tue...@lurchi.franken.de> wrote: > > On 2

Re: [openssl-users] DTLS for SCTP connections

2017-02-22 Thread Michael Tuexen
./dtls_sctp_echo -L 16.181.38.161 -p 4443 > > Command used on client side : ./dtls_sctp_echo -L 16.181.38.161 -p 4443 -l 50 > -n 5 16.181.38.161 > > Thanks in advance for your valuable input I've CCed Irene, who did some testing recently on FreeBSD, where the implementation works. The

Re: [openssl-users] Query regarding DTLS handshake

2017-04-13 Thread Michael Tuexen
> On 13. Apr 2017, at 19:26, Martin Brejcha wrote: > > > > Matt Caswell wrote on 04/13/2017 03:45 PM: >> >> >> On 13/04/17 10:11, mahesh gs wrote: >>> Hi, >>> >>> We are running SCTP connections with DTLS enabled in our application. We >>> have adapted openssl

Re: [openssl-users] Query regarding DTLS handshake

2017-04-13 Thread Michael Tuexen
> On 13. Apr 2017, at 11:11, mahesh gs wrote: > > Hi, > > We are running SCTP connections with DTLS enabled in our application. We have > adapted openssl version (openssl-1.1.0e) to achieve the same. > > We have generated the self signed root and node certificates for

Re: [openssl-users] Reg, TLS over SCTP (SOCK_SEQPACKET)

2017-03-01 Thread Michael Tuexen
> On 1 Mar 2017, at 06:34, Sanjaya Joshi wrote: > > Hi, > Thank you Salz Rich for the confirmation. > So, whether application can perform manual TLS handshakes when SOCK_SEQPACKET > is used ? I think the SOCK_SEQPACKET model doesn't fit well to the way the openssl code

Re: [openssl-users] Query regarding DTLS handshake

2017-04-18 Thread Michael Tuexen
> On 13. Apr 2017, at 11:11, mahesh gs wrote: > > Hi, > > We are running SCTP connections with DTLS enabled in our application. We have > adapted openssl version (openssl-1.1.0e) to achieve the same. > > We have generated the self signed root and node certificates for

Re: [openssl-users] Query regarding DTLS handshake

2017-05-02 Thread Michael Tuexen
> On 2. May 2017, at 08:03, mahesh gs <mahesh...@gmail.com> wrote: > > > > On Sun, Apr 30, 2017 at 11:11 PM, Michael Tuexen > <michael.tue...@lurchi.franken.de> wrote: > > On 20. Apr 2017, at 20:01, mahesh gs <mahesh...@gmail.com> wrote: > &g

Re: [openssl-users] Query regarding DTLS handshake

2017-04-30 Thread Michael Tuexen
> On 20. Apr 2017, at 20:01, mahesh gs wrote: > > Hi, > > This issue occurs purely based on the time (sequence of events) at which SSL > read_state_machine enters the post processing of certificate verify which is > received from client. > > Handshake works fine if the

Re: [openssl-users] Query regarding the SCTP events for DTLS connections

2017-09-29 Thread Michael Tuexen
> On 28. Sep 2017, at 20:36, mahesh gs wrote: > > Hi, > > We have an application which has SCTP connections we have secured the SCTP > connections using the openssl DTLS. DTLS is working as expected other than > the SCTP events. > > We use the API "BIO_new_dgram_sctp"

Re: opensssl 1.1.1g test failure(s)

2020-04-21 Thread Michael Tuexen
> On 21. Apr 2020, at 23:49, Matt Caswell wrote: > > > > On 21/04/2020 18:34, Claus Assmann wrote: >> Thanks for the reply, below is the output, It seems it only fails >> because the host doesn't support IPv6? > > Yes - it does seem to be an IPv6 problem. I don't recall any recent > changes

Re: opensssl 1.1.1g test failure(s)

2020-04-22 Thread Michael Tuexen
> On 22. Apr 2020, at 10:38, Matt Caswell wrote: > > > > On 21/04/2020 23:45, Michael Tuexen wrote: >>> Looks like the failing call is here: >>> >>> if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, >>> (const void *