Hi John,

On 11.06.2011, at 16:42, John Fitzgibbon via RT wrote:

> In the attached pcap, the first five packets represent a complete DTLS
> handshake, (the client-side app is using OpenSSL 1.0.0d against a Cisco ASA
> server). However, packets 6 and 7 appear to be retransmissions, (from the
> client-side), of the Change Cipher Spec and Handshake records contained in
> packet 5. The server doesn't know what to make of these, as the handshake is
> complete from the server's perspective, (in fact, encrypted traffic is
> happily passing between the two ends before the retransmission -- this is
> omitted from the pcap).
>
> After looking at the code, it appears that the logic that handles
> SSL3_ST_CW_FINISHED_A and SSL3_ST_CW_FINISHED_B in dtls1_connect() is calling
> dtls1_start_timer() when it should presumably be calling dtls1_stop_timer().
> The attached patch addresses this issue -- assuming this is indeed the full
> extent of the problem, (the fix works fine for my specific test setup).

Unfortunately, the trace file seems to be broken, because I cannot open it with Wireshark.

Are you using abbreviated handshakes? If yes, then this is a known bug and has already been fixed with bugfix #2505. The changes will be included in the next stable release of OpenSSL, that is 1.0.0e. There is a list of patches which have been applied but not yet released on our website:

http://sctp.fh-muenster.de/dtls-patches.html

It would be great if you can confirm whether your issue is fixed with the latest patches. You can either download them from the mentioned website or check out 1.0.0-stable, which includes the listed patches:

cvs -d [email protected]:/openssl-cvs co -rOpenSSL_1_0_0-stable openssl

If this does not fix it, please send me detailed instructions on how to reproduce it and a trace file I can open with Wireshark, so I can have a look at it.
Best regards
Robin
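
The symptom described in this thread (Change Cipher Spec and Handshake records resent after the handshake has completed) can be checked for in captured UDP payloads by reading the 13-byte DTLS record headers. The following is an added example, not part of the original message or of OpenSSL; the function names and the sample packets are constructed for illustration, and the check is a heuristic, since a genuine retransmission after packet loss or a renegotiation also matches.

```python
import struct
from collections import Counter

CCS, HANDSHAKE, APPDATA = 20, 22, 23  # DTLS record content types

def rec(ctype, epoch, seq, body):
    """Build one DTLS 1.0 record (helper used only for the constructed sample)."""
    hdr = struct.pack("!BHHHIH", ctype, 0xFEFF, epoch, seq >> 32, seq & 0xFFFFFFFF, len(body))
    return hdr + body

def parse_records(payload):
    """Split one UDP payload into (content_type, epoch, sequence_number) tuples."""
    out, off = [], 0
    while off + 13 <= len(payload):
        ctype, _ver, epoch, hi, lo, length = struct.unpack_from("!BHHHIH", payload, off)
        if off + 13 + length > len(payload):
            break  # truncated record: stop instead of reading past the datagram
        out.append((ctype, epoch, (hi << 32) | lo))
        off += 13 + length
    return out

def find_late_flights(packets):
    """packets: (sender, udp_payload) pairs in capture order.
    Flags a second ChangeCipherSpec from the same sender, and handshake
    records that show up once application data is already flowing."""
    ccs_count, appdata_seen, findings = Counter(), False, []
    for num, (sender, payload) in enumerate(packets, 1):
        for ctype, _epoch, _seq in parse_records(payload):
            if ctype == APPDATA:
                appdata_seen = True
            elif ctype == CCS:
                ccs_count[sender] += 1
                if ccs_count[sender] > 1:
                    findings.append((num, sender, "repeated ChangeCipherSpec"))
            elif ctype == HANDSHAKE and appdata_seen:
                findings.append((num, sender, "handshake record after application data"))
    return findings

def final_flight(n):
    """Constructed client CCS + Finished flight; n numbers the (re)transmission."""
    return rec(CCS, 0, 2 + n, b"\x01") + rec(HANDSHAKE, 1, n, b"fin")

# Constructed sample shaped like the report: five handshake packets, then two resends.
SAMPLE = [
    ("client", rec(HANDSHAKE, 0, 0, b"hello")),
    ("server", rec(HANDSHAKE, 0, 0, b"verify")),
    ("client", rec(HANDSHAKE, 0, 1, b"hello")),
    ("server", rec(HANDSHAKE, 0, 1, b"sh") + rec(CCS, 0, 2, b"\x01") + rec(HANDSHAKE, 1, 0, b"fin")),
    ("client", final_flight(0)), ("client", final_flight(1)), ("client", final_flight(2)),
]

if __name__ == "__main__":
    for finding in find_late_flights(SAMPLE):
        print(finding)
```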
