I am not sure about (1), but I second (2). In addition, I want to add to your list.
On 5/24/06, kiran kumar <[EMAIL PROTECTED]> wrote:
The DTLS implementation in OpenSSL-0.9.8a/0.9.8b seems to be non-conformant with RFC 4347 at least in the following two cases:
1) Initial ClientHello and HelloVerifyRequest are included in the calculation of verify_data(HASH) for FINISHED message, whereas the standard specifies not to include them.
2) The standard specifies the "VERSION" value in the header to be {254,255}, one's complement of DTLS 1.0, whereas the DTLS1_VERSION is defined as 0x0100.
3) The Version tag that is used to compute the MAC is {0x3, 0x1}, which is the TLS version number. It should use {0xFE, 0xFF} instead.
4) The "CBC Residue" of the previous encryption is used as the IV of the subsequent CBC encryption. This is TLS code incorrectly inherited into the DTLS code.
alex
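
Added example, not part of the thread and not OpenSSL code: a sketch of the RFC 4347 record MAC input (epoch and sequence number, type, version, length, fragment) showing why the mismatch in point 3 breaks interoperability, since a receiver that MACs {0xFE, 0xFF} rejects a record MACed with {0x3, 0x1}. HMAC-SHA1 as the cipher suite's MAC, the function names, and the key and payload are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

DTLS1_0_WIRE_VERSION = bytes([0xFE, 0xFF])  # {254, 255}: value RFC 4347 puts on the wire
TLS1_0_VERSION = bytes([0x03, 0x01])        # value the post reports being MACed instead

def dtls_record_mac(mac_key, epoch, seq, content_type, version, fragment):
    """HMAC over epoch || 48-bit seq || type || version || length || fragment.

    DTLS replaces TLS's implicit 64-bit sequence number with the explicit
    16-bit epoch and 48-bit sequence number carried in the record header.
    HMAC-SHA1 is an assumption standing in for the negotiated MAC.
    """
    if not 0 <= epoch < 1 << 16 or not 0 <= seq < 1 << 48:
        raise ValueError("epoch is 16 bits, sequence number is 48 bits")
    if len(version) != 2 or not 0 <= content_type < 256:
        raise ValueError("version is 2 bytes, content type is 1 byte")
    if len(fragment) > 1 << 14:
        raise ValueError("fragment exceeds the 2^14 byte record limit")
    seq_num = struct.pack("!H", epoch) + seq.to_bytes(6, "big")
    header = seq_num + bytes([content_type]) + version
    header += struct.pack("!H", len(fragment))
    return hmac.new(mac_key, header + fragment, hashlib.sha1).digest()

def verify_record(mac_key, epoch, seq, content_type, fragment, received_mac):
    """Receiver side: recompute with the DTLS version, compare in constant time."""
    expected = dtls_record_mac(mac_key, epoch, seq, content_type,
                               DTLS1_0_WIRE_VERSION, fragment)
    return hmac.compare_digest(expected, received_mac)

def demo():
    """Return (conformant sender accepted, TLS-version sender accepted)."""
    key = bytes(range(20))                   # constructed MAC key
    fragment = b"constructed application data"
    epoch, seq, app_data = 1, 7, 23          # constructed record header fields
    conformant = dtls_record_mac(key, epoch, seq, app_data,
                                 DTLS1_0_WIRE_VERSION, fragment)
    tls_tagged = dtls_record_mac(key, epoch, seq, app_data,
                                 TLS1_0_VERSION, fragment)
    return (verify_record(key, epoch, seq, app_data, fragment, conformant),
            verify_record(key, epoch, seq, app_data, fragment, tls_tagged))

if __name__ == "__main__":
    print(demo())
```
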