Hi all,

The patch that disables renegotiation has broken DTLS's ClientHello exchange in 0.9.8l. Server sends an Alert together with HelloVerifyRequest...
Thanks,
Alex.

alexl-lnx2:~/openssl-098l/openssl/apps> ./openssl s_server -dtls1 -debug
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
read from 0x6ca6e0 [0x6cfd10] (18437 bytes => 99 (0x63))
0000 - 16 fe ff 00 00 00 00 00-00 00 00 00 56 01 00 00   ............V...
0010 - 4a 00 00 00 00 00 00 00-4a fe ff 4a fb 13 fd 30   J.......J..J...0
0020 - ba 23 a9 1c 33 79 70 82-63 e1 2f a8 c4 3e 52 49   .#..3yp.c./..>RI
0030 - 09 0f 31 ff e6 08 20 96-31 c3 26 00 00 00 22 00   ..1... .1.&...".
0040 - 39 00 38 00 35 00 16 00-13 00 0a 00 33 00 32 00   9.8.5.......3.2.
0050 - 2f 00 07 00 15 00 12 00-09 00 14 00 11 00 08 00   /...............
0060 - 06 01                                             ..
0063 - <SPACES/NULS>
write to 0x6ca6e0 [0x6d9f00] (28 bytes => 28 (0x1C))
0000 - 16 fe ff 00 00 00 00 00-00 00 00 00 0f 03 00 00   ................
0010 - 03 00 00 00 00 00 00 00-03 fe ff                  ...........
001c - <SPACES/NULS>
write to 0x6ca6e0 [0x6d9f00] (15 bytes => 15 (0xF))
0000 - 15 fe ff 00 00 00 00 00-00 00 01 00 02 02 28      ..............(
ERROR
5875:error:1408A044:SSL routines:SSL3_GET_CLIENT_HELLO:internal error:s3_srvr.c:725:
shutting down SSL
CONNECTION CLOSED
ACCEPT
read from 0x6ca6e0 [0x6cfd10] (18437 bytes => 99 (0x63))
0000 - 16 fe ff 00 00 00 00 00-00 00 01 00 56 01 00 00   ............V...
0010 - 4a 00 01 00 00 00 00 00-4a fe ff 4a fb 13 fd 30   J.......J..J...0
0020 - ba 23 a9 1c 33 79 70 82-63 e1 2f a8 c4 3e 52 49   .#..3yp.c./..>RI
0030 - 09 0f 31 ff e6 08 20 96-31 c3 26 00 00 00 22 00   ..1... .1.&...".
0040 - 39 00 38 00 35 00 16 00-13 00 0a 00 33 00 32 00   9.8.5.......3.2.
0050 - 2f 00 07 00 15 00 12 00-09 00 14 00 11 00 08 00   /...............
0060 - 06 01                                             ..
0063 - <SPACES/NULS>

===============================

alexl-lnx2:~/openssl-098l/openssl/apps> ./openssl s_client -dtls1 -debug
CONNECTED(00000003)
write to 0x6ca8a0 [0x6d46e0] (99 bytes => 99 (0x63))
0000 - 16 fe ff 00 00 00 00 00-00 00 00 00 56 01 00 00   ............V...
0010 - 4a 00 00 00 00 00 00 00-4a fe ff 4a fb 13 fd 30   J.......J..J...0
0020 - ba 23 a9 1c 33 79 70 82-63 e1 2f a8 c4 3e 52 49   .#..3yp.c./..>RI
0030 - 09 0f 31 ff e6 08 20 96-31 c3 26 00 00 00 22 00   ..1... .1.&...".
0040 - 39 00 38 00 35 00 16 00-13 00 0a 00 33 00 32 00   9.8.5.......3.2.
0050 - 2f 00 07 00 15 00 12 00-09 00 14 00 11 00 08 00   /...............
0060 - 06 01                                             ..
0063 - <SPACES/NULS>
read from 0x6ca8a0 [0x6cfed0] (18437 bytes => 28 (0x1C))
0000 - 16 fe ff 00 00 00 00 00-00 00 00 00 0f 03 00 00   ................
0010 - 03 00 00 00 00 00 00 00-03 fe ff                  ...........
001c - <SPACES/NULS>
write to 0x6ca8a0 [0x6da0c0] (99 bytes => 99 (0x63))
0000 - 16 fe ff 00 00 00 00 00-00 00 01 00 56 01 00 00   ............V...
0010 - 4a 00 01 00 00 00 00 00-4a fe ff 4a fb 13 fd 30   J.......J..J...0
0020 - ba 23 a9 1c 33 79 70 82-63 e1 2f a8 c4 3e 52 49   .#..3yp.c./..>RI
0030 - 09 0f 31 ff e6 08 20 96-31 c3 26 00 00 00 22 00   ..1... .1.&...".
0040 - 39 00 38 00 35 00 16 00-13 00 0a 00 33 00 32 00   9.8.5.......3.2.
0050 - 2f 00 07 00 15 00 12 00-09 00 14 00 11 00 08 00   /...............
0060 - 06 01                                             ..
0063 - <SPACES/NULS>
read from 0x6ca8a0 [0x6cfed0] (18437 bytes => 15 (0xF))
0000 - 15 fe ff 00 00 00 00 00-00 00 01 00 02 02 28      ..............(
5876:error:14102410:SSL routines:DTLS1_READ_BYTES:sslv3 alert handshake failure:d1_pkt.c:963:SSL alert number 40
5876:error:1410C0E5:SSL routines:DTLS1_WRITE_APP_DATA_BYTES:ssl handshake failure:d1_pkt.c:1153:
alexl-lnx2:~/openssl-HOB/openssl-098l/openssl/apps>
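
Added example, not part of the original message and not OpenSSL code: a small decoder for the DTLS record and handshake headers, run over the two server writes from the s_server dump above to show the HelloVerifyRequest (record sequence 0) followed by the fatal handshake_failure alert (record sequence 1). The names parse_records, HVR_DATAGRAM and ALERT_DATAGRAM are made up for this example, and the final 00 byte of the first datagram is an assumption because the dump trims trailing NULs.

```python
import struct

CONTENT = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE = {1: "client_hello", 2: "server_hello", 3: "hello_verify_request"}
ALERT_LEVEL = {1: "warning", 2: "fatal"}
ALERT_DESC = {0: "close_notify", 40: "handshake_failure"}

# Server writes copied from the s_server dump above. The dump trims trailing
# NULs/spaces, so the 28th byte of the first datagram is assumed to be 00.
HVR_DATAGRAM = bytes.fromhex(
    "16 fe ff 00 00 00 00 00 00 00 00 00 0f 03 00 00 "
    "03 00 00 00 00 00 00 00 03 fe ff 00")
ALERT_DATAGRAM = bytes.fromhex("15 fe ff 00 00 00 00 00 00 00 01 00 02 02 28")


def parse_records(datagram):
    """Decode every DTLS record in one UDP datagram (epoch 0, unencrypted)."""
    records, off = [], 0
    while off < len(datagram):
        if len(datagram) - off < 13:
            raise ValueError("truncated record header")
        # type(1) version(2) epoch(2) sequence_number(6) length(2)
        ctype, version, epoch, seq_hi, seq_lo, length = struct.unpack_from(
            "!BHHHIH", datagram, off)
        body = datagram[off + 13:off + 13 + length]
        if len(body) != length:
            raise ValueError("record body shorter than its length field")
        rec = {"type": CONTENT.get(ctype, ctype), "version": version,
               "epoch": epoch, "seq": (seq_hi << 32) | seq_lo, "length": length}
        if ctype == 22 and length >= 12:
            # msg_type(1) length(3) message_seq(2) frag_offset(3) frag_length(3)
            rec["handshake"] = HANDSHAKE.get(body[0], body[0])
            rec["message_seq"] = int.from_bytes(body[4:6], "big")
            rec["fragment_length"] = int.from_bytes(body[9:12], "big")
        elif ctype == 21 and length == 2:
            rec["level"] = ALERT_LEVEL.get(body[0], body[0])
            rec["description"] = ALERT_DESC.get(body[1], body[1])
        records.append(rec)
        off += 13 + length
    return records


if __name__ == "__main__":
    for dgram in (HVR_DATAGRAM, ALERT_DATAGRAM):
        for rec in parse_records(dgram):
            print(rec)
```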