On 01/06/15 11:39, Matt Caswell wrote:
> On 01/06/15 10:08, Alfred E. Heggestad wrote:
>> Hi,
>>
>> we are using OpenSSL to deploy DTLS-SRTP, Ref:
>>
>> http://www.creytiv.com/doxygen/re-dox/html/tls__udp_8c.html
>>
>> it works really well, thanks for the good code.
>>
>> one scenario that does not work so well, is when DTLS is running in an
>> environment with packet loss. for example, we get this error message:
>>
>> 140735307322128:error:1411B09F:SSL routines:ssl3_get_new_session_ticket:length mismatch:s3_clnt.c:2183:
>>
>> any hints of where I should start looking ?
>
> Can you confirm which version of OpenSSL you are running?

Hey Matt,

openssl version 1.0.2a on both sides (Client and Server)

> Are you also running OpenSSL on the server side (and if so which version
> there)? The error message suggests that the NewSessionTicket message
> that has been received by the client is incorrectly formatted. A packet
> capture for a problem handshake might help diagnose the problem further.

please see the attached PCAP file, in this case Packet #4 is dropped
internally in the software (to simulate Packet-loss).

that test-code has the following option set, to avoid fragmentation:

    SSL_set_options(tc->ssl, SSL_OP_NO_QUERY_MTU);
    DTLS_set_link_mtu(tc->ssl, 1480);

please note that dropping Packet #1, #2 and #3 works as expected.
but dropping the final packet (packet #4) does not work.

/alfred

> Matt
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
openssl_dtls_packet4_lost.pcap