RE: [openssl.org #3470] [BUG] DTLS abort

Tue, 02 Sep 2014 05:44:02 -0700 

Sorry, I see there were some earlier posts on this very subject.

Also, I found the following in RFC 6083 (section 1.1)...

        o  The maximum user message size is 2^14 bytes, which is the DTLS limit.

I wonder if the authors of RFC 6733 (section 13.1) were aware of this 
limitation when they specified the usage of DTLS/SCTP for secure connections.  
Diameter in 4G networks is known for large messages.

-Brian


-----Original Message-----
From: Brian Hassink [mailto:[email protected]] 
Sent: Tuesday, September 02, 2014 8:29 AM
To: '[email protected]'
Subject: RE: [openssl.org #3470] [BUG] DTLS abort

We do have an open question in regards to DTLS/SCTP, and that is whether it is 
possible to send messages larger than 16K?

In our application, such large messages are not uncommon.

We've tried setting the SSL_MODE_ENABLE_PARTIAL_WRITE flag with no success.

Thanks,
Brian

-----Original Message-----
From: Michael Tüxen via RT [mailto:[email protected]] 
Sent: Thursday, August 28, 2014 12:20 PM
To: Brian Hassink
Cc: [email protected]
Subject: Re: [openssl.org #3470] [BUG] DTLS abort


On 28 Aug 2014, at 17:25, Brian Hassink via RT <[email protected]> wrote:

> Hello Michael,
> 
> We can confirm that the patch resolves the disconnect abort.
Great, thanks a lot for the feedback. Let me know if you have further issues 
with DTLS/SCTP.

Best regards
Michael
> 
> Thanks,
> Brian
> 
> -----Original Message-----
> From: Michael Tüxen via RT [mailto:[email protected]]
> Sent: Wednesday, August 27, 2014 3:33 PM
> To: Brian Hassink
> Cc: [email protected]
> Subject: Re: [openssl.org #3470] [BUG] DTLS abort
> 
> On 18 Aug 2014, at 21:47, Michael Tuexen <[email protected]> 
> wrote:
> 
>> On 18 Aug 2014, at 16:31, Brian Hassink <[email protected]> wrote:
>> 
>>> Yes, this was observed for DTLS/SCTP.
>> OK. The problem is an incorrect usage of OPENSSL_assert()... Let me 
>> see if I can come-up with a patch...
> Hi Brian,
> 
> please find attached a patch which fixes several usages of OPENSSL_assert() 
> and let me know if this resolves your issue.
> 
> Please note that you want also to apply the patch from 
> http://rt.openssl.org/Ticket/Display.html?id=3483&user=guest&pass=gues
> t
> 
> Best regards
> Michael
> 
> 
> 
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       [email protected]
> Automated List Manager                           [email protected]
> 



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]

Reply via email to