> From: owner-openssl-us...@openssl.org On Behalf Of saurav barik
> Sent: Friday, 22 February, 2013 00:41

I think this fits better on -users and put that first, but if you 
ask both lists please indicate in the message (as I did) because 
people don't necessarily read both and see the duplication.

> I am trying to implement TLS security (in the client side) over a UDP
> connection. I have a parallel TCP connection (to the same server) over
> which TLS is already done and it works fine. In the same session of my
> application I am creating a UDP connection to the same server (UDP
> socket) and am trying to do a TLS handshake. When I call SSL_connect()
> over UDP connection, it fails with "SSL_ERROR_SYSCALL" error. When I
> checked the error with ERR_get_error() I get a value of 0. Can I use

If SSL_connect/etc returns -1 and SSL_get_error returns _SYSCALL, then 
the error information is in the OS (errno on Unix or WSAGetLastError() 
on Windows) instead of, or sometimes (rarely?) in addition to, 
ERR_get_error and friends. See man -3ssl SSL_get_error.

> TLS over a UDP connection (I understand DTLS can be used but my project
> needs TLS)?
> 
There is no such thing as a UDP connection; UDP is connectionless.

I haven't examined socket-BIO's support for UDP (DGRAM) to see if 
non-DTLS protocols could successfully call it. Even if it does, 
or you substitute a BIO that does, TLS can't work for long over 
UDP semantics, which can lose, reorder and duplicate packets.

TLS depends on TCP's reliable in-order transport. DTLS basically 
re-implements enough of TCP to make TLS functionality work. If 
you don't do either of those, and you develop on two machines on 
a single quiet LAN segment, as is common in development environments, 
it may appear to work at least sometimes; if you then deploy to 
users on the real internet or even just a large organization 
intranet, the chances of it working plummet. 


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
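
The record-layer reason for the reply's point that TLS needs in-order, reliable delivery, as an added example that is not part of the original message or of OpenSSL: a simplified model in which a TLS-style record is MACed over an implicit sequence number and a DTLS-style record carries that number explicitly. The key, messages, record layout and function names are constructed for illustration, and DTLS handshake retransmission is not modelled.

```python
import hashlib
import hmac
import struct

MAC_KEY = b"constructed-demo-mac-key"  # constructed sample key, not a real TLS key
MESSAGES = [b"msg-0", b"msg-1", b"msg-2", b"msg-3"]  # constructed payloads


def mac(seq: int, payload: bytes) -> bytes:
    """MAC over a 64-bit sequence number plus the payload, as both protocols do."""
    return hmac.new(MAC_KEY, struct.pack("!Q", seq) + payload, hashlib.sha256).digest()


def seal(seq: int, payload: bytes, explicit_seq: bool) -> bytes:
    """Build one record; only the DTLS-style record puts the number on the wire."""
    header = struct.pack("!Q", seq) if explicit_seq else b""
    return header + payload + mac(seq, payload)


def receive(datagrams, explicit_seq: bool):
    """Return (accepted payloads, error). TLS-style: a MAC failure is fatal.
    DTLS-style: invalid or replayed records are dropped and processing continues."""
    accepted, seen, expected = [], set(), 0
    for record in datagrams:
        if explicit_seq:
            seq, body = struct.unpack("!Q", record[:8])[0], record[8:]
        else:
            seq, body = expected, record  # receiver can only count arrivals
        payload, tag = body[:-32], body[-32:]
        if not hmac.compare_digest(tag, mac(seq, payload)):
            if explicit_seq:
                continue  # discard silently, keep the association alive
            return accepted, "bad_record_mac"
        if explicit_seq and seq in seen:
            continue  # duplicate datagram: replay check rejects it
        seen.add(seq)
        accepted.append(payload)
        expected += 1
    return accepted, None


def run(order, explicit_seq: bool):
    """Seal MESSAGES, then deliver them in the given (constructed) arrival order."""
    records = [seal(i, m, explicit_seq) for i, m in enumerate(MESSAGES)]
    return receive([records[i] for i in order], explicit_seq)


if __name__ == "__main__":
    cases = {"in order": [0, 1, 2, 3], "reordered": [0, 2, 1, 3],
             "lost": [0, 2, 3], "duplicated": [0, 1, 1, 2, 3]}
    for name, order in cases.items():
        print(name, "TLS-style:", run(order, False)[1], "DTLS-style:", run(order, True)[1])
```
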
