The DTLS implementation in OpenSSL-0.9.8a/0.9.8b seems to be non-conformant with RFC 4347 at least in the following two cases:
1) The initial ClientHello and HelloVerifyRequest are included in the
calculation of verify_data (HASH) for the FINISHED message, whereas the
standard specifies not to include them.
2) The standard specifies the "VERSION" value in the header to be
{254,255}, one's complement of DTLS 1.0, whereas the DTLS1_VERSION is
defined as 0x0100.
I would like to confirm if my understanding is correct and know the version of the draft used for the implementation.
Thanks in advance,
Kiran Chunduri
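
The two RFC 4347 rules raised in the message above, as an added C example that is not part of the original post and is not OpenSSL code. The function names, the enum and the sample bytes are constructed for illustration; 0x0100 is the DTLS1_VERSION value as reported in the post.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Handshake message types used below (RFC 4347). */
enum { HS_CLIENT_HELLO = 1, HS_SERVER_HELLO = 2, HS_HELLO_VERIFY_REQUEST = 3 };

#define PRE_RFC_VERSION   0x0100u                         /* value reported in the post */
#define DTLS1_0_ON_WIRE   ((uint16_t)~PRE_RFC_VERSION)    /* one's complement: 0xFEFF = {254,255} */

typedef enum { VER_RFC4347, VER_PRE_RFC, VER_UNKNOWN } ver_class;

/* Classify the version field of a DTLS record header, laid out as
 * type(1) version(2) epoch(2) sequence_number(6) length(2) = 13 bytes. */
ver_class classify_record_version(const uint8_t *rec, size_t len)
{
    if (len < 13) return VER_UNKNOWN;                     /* truncated header */
    uint16_t v = (uint16_t)((rec[1] << 8) | rec[2]);
    if (v == DTLS1_0_ON_WIRE) return VER_RFC4347;
    if (v == PRE_RFC_VERSION) return VER_PRE_RFC;
    return VER_UNKNOWN;
}

/* Mark which handshake messages feed the Finished verify_data hash.
 * When the cookie exchange is used, the flight starts with ClientHello,
 * HelloVerifyRequest, and RFC 4347 leaves both out. Returns the number
 * of messages included; included[i] is 1 or 0 per message. */
size_t finished_transcript(const uint8_t *types, size_t n, uint8_t *included)
{
    size_t skip = 0, count = 0;
    if (n >= 2 && types[0] == HS_CLIENT_HELLO && types[1] == HS_HELLO_VERIFY_REQUEST)
        skip = 2;
    for (size_t i = 0; i < n; i++) {
        included[i] = (uint8_t)(i >= skip);
        count += included[i];
    }
    return count;
}

int main(void)
{
    /* Constructed sample: handshake record header carrying version 0x0100. */
    const uint8_t rec[13] = { 22, 0x01, 0x00, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
    /* Constructed flight: ClientHello, HelloVerifyRequest, ClientHello, ServerHello. */
    const uint8_t flight[4] = { 1, 3, 1, 2 };
    uint8_t inc[4];
    printf("version class: %d\n", (int)classify_record_version(rec, sizeof rec));
    printf("messages hashed: %zu\n", finished_transcript(flight, 4, inc));
    return 0;
}
```

A peer that hashes all four messages of the sample flight computes a different verify_data than one that follows the RFC rule, so the Finished check fails between the two.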