Hello, This problem was described by Martin Vladic, but i cant find it in RT.
Here is description: "Let's suppose that handshake between client and server comes to the point where client sends this message flight to the server: Certificate ClientKeyExchange CertificateVerify ChangeCipherSpec Finished [this message is protected] So, client comes to the stage when all subsequent messages shall be protected. In above message flight only last message (Finished) is protected. First four messages are unprotected. That's all OK. To continue, client needs following response from the server: ChangeCipherSpec Finished [this message is encrypted] What happens if such message doesn't arrive? Retransmission timer expires and client must send last flight again. But, OpenSSL DTLS implementation doesn't handle this situation very well. It sends the last flight of messages, but all messages are protected because implementation thinks that CipherSpec and keys are negotiated. I think that only last message must be protected, and first four must not (like it was in first transmission of the same flight)." Also, when client retransmits his last flight (5 messages), message "retransmit: message 4 non-existant" is printed to stderr. Even if client resends correct last flight (encrypting only Finished message), server will not retransmit his last flight (2 messages). Pavel ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
