Hi Steve,

Is there a 0.9.8m with the DTLS and TLS reneg fix planned in the near future?

I tried the head of branch from OpenSSL_0_9_8-stable as advised. First there was a compilation issue due to a FIPS issue, which I overcame with ./config no-fips

Then, I ran into a segfault on s_server.... :-(

Thanks,
Alex.

$ ./openssl s_server -dtls1 -debug
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
read from 0x6cab10 [0x6d0160] (18437 bytes => 99 (0x63))
0000 - 16 fe ff 00 00 00 00 00-00 00 00 00 56 01 00 00   ............V...
0010 - 4a 00 00 00 00 00 00 00-4a fe ff 4b 03 52 c1 19   J.......J..K.R..
0020 - c6 ae 8c 7d aa 05 42 5e-87 a8 55 ec 2a 78 2e 39   ...}..B^..U.*x.9
0030 - d0 cb 89 cb 9b 7b 67 0a-ce 7f 2a 00 00 00 22 00   .....{g...*...".
0040 - 39 00 38 00 35 00 16 00-13 00 0a 00 33 00 32 00   9.8.5.......3.2.
0050 - 2f 00 07 00 15 00 12 00-09 00 14 00 11 00 08 00   /...............
0060 - 06 01                                             ..
0063 - <SPACES/NULS>
write to 0x6cab10 [0x6da350] (48 bytes => 48 (0x30))
0000 - 16 fe ff 00 00 00 00 00-00 00 00 00 23 03 00 00   ............#...
0010 - 17 00 00 00 00 00 00 00-17 fe ff 14 7e cd 68 70   ............~.hp
0020 - c4 25 fc 74 4d 61 cd fd-ec d6 7e 86 82 36 de 88   .%.tMa....~..6..
read from 0x6cab10 [0x6d0160] (18437 bytes => 119 (0x77))
0000 - 16 fe ff 00 00 00 00 00-00 00 01 00 6a 01 00 00   ............j...
0010 - 5e 00 01 00 00 00 00 00-5e fe ff 4b 03 52 c1 19   ^.......^..K.R..
0020 - c6 ae 8c 7d aa 05 42 5e-87 a8 55 ec 2a 78 2e 39   ...}..B^..U.*x.9
0030 - d0 cb 89 cb 9b 7b 67 0a-ce 7f 2a 00 14 7e cd 68   .....{g...*..~.h
0040 - 70 c4 25 fc 74 4d 61 cd-fd ec d6 7e 86 82 36 de   p.%.tMa....~..6.
0050 - 88 00 22 00 39 00 38 00-35 00 16 00 13 00 0a 00   ..".9.8.5.......
0060 - 33 00 32 00 2f 00 07 00-15 00 12 00 09 00 14 00   3.2./...........
0070 - 11 00 08 00 06 01                                 ......
0077 - <SPACES/NULS>
write to 0x6cab10 [0x6da350] (15 bytes => 15 (0xF))
0000 - 15 fe ff 00 00 00 00 00-00 00 01 00 02 02 2f      ............../
Segmentation fault

On Wed, Nov 11, 2009 at 3:58 PM, Dr. Stephen Henson <st...@openssl.org> wrote:

> On Wed, Nov 11, 2009, Alex Lam wrote:
>
> > Hi all,
> >
> > The patch that disables renegotiation has broken DTLS's ClientHello exchange
> > in 0.9.8l.
> > Server sends an Alert together with HelloVerifyRequest...
> >
>
> As mentioned in the announcement 0.9.8l is based on 0.9.8k which has a very
> broken DTLS implementation. Please try the 0.9.8-stable snapshots which have
> all the DTLS fixes and provisional reneg extension.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
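
Added example (not part of the original thread, and not OpenSSL code): a minimal DTLS 1.0 record decoder run over the two server writes in the -debug output above, to show what s_server sent before the segfault. The byte strings are copied from that output; the function and variable names are assumptions of this example.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 3: "hello_verify_request"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {10: "unexpected_message", 40: "handshake_failure",
                      47: "illegal_parameter", 50: "decode_error"}

# The two "write to" datagrams from the s_server -debug output in the post.
HELLO_VERIFY = bytes.fromhex(
    "16 fe ff 00 00 00 00 00 00 00 00 00 23 03 00 00"
    "17 00 00 00 00 00 00 00 17 fe ff 14 7e cd 68 70"
    "c4 25 fc 74 4d 61 cd fd ec d6 7e 86 82 36 de 88"
)
ALERT = bytes.fromhex("15 fe ff 00 00 00 00 00 00 00 01 00 02 02 2f")

def parse_records(data):
    """Split one datagram into DTLS records and decode the cleartext (epoch 0) ones."""
    out, off = [], 0
    while off < len(data):
        if len(data) - off < 13:
            raise ValueError("truncated record header")
        # Record header: type(1) version(2) epoch(2) sequence(6) length(2)
        ctype, version, epoch = struct.unpack_from("!BHH", data, off)
        seq = int.from_bytes(data[off + 5:off + 11], "big")
        (length,) = struct.unpack_from("!H", data, off + 11)
        body = data[off + 13:off + 13 + length]
        if len(body) != length:
            raise ValueError("record length exceeds datagram")
        rec = {"type": CONTENT_TYPES.get(ctype, ctype), "version": hex(version),
               "epoch": epoch, "seq": seq, "length": length}
        if ctype == 22 and epoch == 0 and length >= 12:
            # Handshake header: msg_type(1) length(3) message_seq(2) frag_off(3) frag_len(3)
            rec["msg"] = HANDSHAKE_TYPES.get(body[0], body[0])
            rec["message_seq"] = int.from_bytes(body[4:6], "big")
            if body[0] == 3 and length >= 15:  # server_version(2) cookie_len(1) cookie
                rec["cookie"] = body[15:15 + body[14]].hex()
        elif ctype == 21 and epoch == 0 and length == 2:
            rec["level"] = ALERT_LEVELS.get(body[0], body[0])
            rec["description"] = ALERT_DESCRIPTIONS.get(body[1], body[1])
        out.append(rec)
        off += 13 + length
    return out

if __name__ == "__main__":
    for datagram in (HELLO_VERIFY, ALERT):
        for rec in parse_records(datagram):
            print(rec)
```

The first write decodes as a HelloVerifyRequest carrying the 20-byte cookie that the client echoes in its second ClientHello; the second write is a fatal alert, description 47 (illegal_parameter), sent at record sequence 1 in reply to that ClientHello.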