On Apr 28, 2011, at 6:18 PM, N. J. wrote:

> Hi Michael,
>
> Just tried it with my 1.0.0a code and Robin's patch. It is the same behaviour
> when using "-reconnect":
> 1. The client connects to the server and completes the first DTLS handshake
> successfully.
> 2. The client sends an encrypted alert followed by a client hello
> 3. No response is received from the server and the client begins
> re-transmitting the client hellos.

Hi Nadhem,

hmmm. Could you provide a capture file in .pcap format? You can send
it privately to me. I'm interested in the epoch of the second client hello?

Best regards
Michael

>
> Regards,
> Nadhem
>
> From: Michael Tüxen <[email protected]>
> To: N. J. <[email protected]>
> Cc: [email protected]
> Sent: Thu, April 28, 2011 2:04:42 PM
> Subject: Re: s_client -reconnect with DTLS
>
> On Apr 22, 2011, at 11:40 PM, N. J. wrote:
>
> > Thanks Michael and Robin,
> > I will be waiting for your response.
> Hi Nadhem,
>
> could you try the patches Robin has posted yesterday to the list
> and report if they fix the problem you are experiencing?
> At least for us it fixed it.
>
> Thanks for reporting the problem.
>
> Best regards
> Michael
> >
> > Meanwhile, enjoy your Easter holiday.
> >
> > Cheers,
> > Nadhem
> >
> > From: Michael Tüxen <[email protected]>
> > To: [email protected]
> > Cc: Andrey Kulikov <[email protected]>
> > Sent: Sat, April 23, 2011 12:08:12 AM
> > Subject: Re: s_client -reconnect with DTLS
> >
> > On Apr 22, 2011, at 2:56 PM, N. J. wrote:
> >
> > > Thanks for the reply Andy,
> > >
> > > Please find hereafter the full description. I hope it is more clear.
> > >
> > > 1. What are you doing exactly:
> > > N>
> > > I am testing the session resumption feature available with OpenSSL using
> > > "s_client". My setup has a machine running "s_client" and another one
> > > running "s_server". I am using OpenSSL 1.0.0a.
> > > I am testing with both, TLS and DTLS, and I use the "-reconnect" handler
> > > to test the session resumption feature. For example:
> > > openssl s_client -connect 10.1.1.1:4443 -dtls1 -reconnect
> > > " -reconnect - Drop and re-make the connection with the same
> > > Session-ID"
> > >
> > > 3. What do you expect to see.
> > > N>
> > > I expect to see the following in accordance to the documentation of
> > > OpenSSL:
> > > "The client reconnects to the same server 5 times using the same session
> > > ID"
> > >
> > > 2. What do you see.
> > > N>
> > > With TLS all good, I can see the session getting resumed as per the
> > > OpenSSL's documentation. I can see the client sending the session
> > > resumption hellos and the server replying back and both finishing the
> > > session resumption cycle multiple times.
> > >
> > > When I use DTLS instead, with the "-dtls1" handler, I can see the client
> > > and server getting initially connected. However, when the client tries to
> > > reconnect by sending a session resumption client hello, the server never
> > > responds.
> > Dear all,
> >
> > Robin Seggelmann and myself have verified that there is some
> > issue using DTLS. He will look into this as soon as time permits...
> >
> > Best regards
> > Michael
> > >
> > >
> > > Thanks,
> > > Nadhem
> > > From: Andrey Kulikov <[email protected]>
> > > To: [email protected]
> > > Sent: Fri, April 22, 2011 3:26:56 PM
> > > Subject: Re: s_client -reconnect with DTLS
> > >
> > > Hello,
> > >
> > > I'm sure you'll get help faster, if you describe:
> > > 1. What are you doing exactly.
> > > 2. What do you see.
> > > 3. What do you expect to see.
> > >
> > > These are absolutely necessary steps, as all telepathists are on vacation
> > > now.
> > >
> > > On 22 April 2011 15:50, N. J. <[email protected]> wrote:
> > > Hi again,
> > >
> > >
> > > I am not sure if someone can help confirming that the "-reconnect" option
> > > is broken with the dtls implementation? Please refer to my email below.
> > > Looking forward for your support.
> > >
> > > Regards,
> > > Nadhem
> > >
> > > Hi there,
> > >
> > > I have been trying to get the s_client "-reconnect" option working with
> > > my s_server but had no luck when using DTLS, "-dtls1".
> > > I could not find any information why it is not working so I wonder if
> > > this is broken in openssl 1.0.0a. If so, is there any fix?
> > >
> > > Thanks in advance,
> > > Nadhem
> > >
> > ______________________________________________________________________
> > OpenSSL Project http://www.openssl.org
> > Development Mailing List [email protected]
> > Automated List Manager [email protected]
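Added example (not part of the thread and not OpenSSL code): a minimal parser for the DTLS 1.0 record header that reports the epoch of every plaintext ClientHello in a sequence of client-to-server UDP payloads, which is the field asked about in the reply at the top of the thread. The sample datagrams and all function names are constructed for illustration, and treating a handshake body with inconsistent header fields as ciphertext is a heuristic assumed here.

```python
import struct

CONTENT = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE = {1: "client_hello", 2: "server_hello", 3: "hello_verify_request", 20: "finished"}

def plaintext_handshake_type(body):
    """Name of the handshake message if body starts with a consistent
    12-byte DTLS handshake header, else None (most likely ciphertext)."""
    if len(body) < 12:
        return None
    msg_len = int.from_bytes(body[1:4], "big")
    frag_off = int.from_bytes(body[6:9], "big")
    frag_len = int.from_bytes(body[9:12], "big")
    if frag_off + frag_len > msg_len or 12 + frag_len > len(body):
        return None  # header fields do not add up: treat as protected data
    return HANDSHAKE.get(body[0])

def parse_dtls_records(datagram):
    """Split one UDP payload into records.
    Header layout: type(1) version(2) epoch(2) sequence_number(6) length(2)."""
    records, off = [], 0
    while off < len(datagram):
        if len(datagram) - off < 13:
            raise ValueError("truncated DTLS record header")
        ctype, _ver, epoch, seq_hi, seq_lo, length = struct.unpack_from("!BHHHIH", datagram, off)
        body = datagram[off + 13:off + 13 + length]
        if len(body) != length:
            raise ValueError("truncated DTLS record body")
        records.append({"type": CONTENT.get(ctype, "unknown"), "epoch": epoch,
                        "seq": (seq_hi << 32) | seq_lo,
                        "handshake": plaintext_handshake_type(body) if ctype == 22 else None})
        off += 13 + length
    return records

def client_hello_epochs(datagrams):
    """Epoch of every plaintext ClientHello, in capture order."""
    return [r["epoch"] for d in datagrams for r in parse_dtls_records(d)
            if r["handshake"] == "client_hello"]

def _record(ctype, epoch, seq, body):  # builds a constructed DTLS 1.0 record
    return struct.pack("!BHHHIH", ctype, 0xFEFF, epoch, seq >> 32, seq & 0xFFFFFFFF, len(body)) + body

def _hello(payload=b"\x00" * 8):  # handshake header for an unfragmented dummy ClientHello
    n = len(payload).to_bytes(3, "big")
    return b"\x01" + n + b"\x00\x00" + b"\x00\x00\x00" + n + payload

# Constructed client-to-server payloads (not the capture requested in the thread):
# first ClientHello, an encrypted alert at epoch 1, then a second ClientHello.
SAMPLE = [_record(22, 0, 0, _hello()), _record(21, 1, 1, bytes(range(40, 72))),
          _record(22, 0, 0, _hello())]

if __name__ == "__main__":
    print(client_hello_epochs(SAMPLE))
```

To use it on a real capture, feed it the UDP payloads of the client-to-server packets exported from the .pcap file.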
