Some interesting observations: 1) Changed the cipher lists to much simpler values: ciphers = "AES256-SHA256" => works ciphers = "AES256-SHA" => fails
2) On a hunch, I tried adding "no-asm" to the config line: 2.1) TLS test now works and yields a perfect match with the 32 bit test 2.2) DTLS test "works", but there is an interesting side-effect... ... the "random bytes" field differs in the server hello. There should be no difference because the test harness is supplying a non-random PRG, (and time-of-day is also strictly controlled). I'm guessing that OpenSSL uses a SHA-based PRF on random bytes? If so, then it looks like something might be up with 64-bit SHA, (or PRF??) in 1.0.1. I've attached the "no-asm-64bit" pkt cap and the reference 32 bit equivalent.
dtls-no-asm-x86_64.pcap
Description: Binary data
dtls-i686.pcap
Description: Binary data