On 01/06/15 16:29, Matt Caswell wrote:


On 01/06/15 12:52, Alfred E. Heggestad wrote:
Hey Matt,


openssl version 1.0.2a on both sides (Client and Server)


Are you also running OpenSSL on the server side (and if so which version
there)?

The error message suggests that the NewSessionTicket message that has
been received by the client is incorrectly formatted.

A packet capture for a problem handshake might help diagnose the problem
further.


please see the attached PCAP file, in this case Packet #4 is dropped internally
in the software (to simulate Packet-loss).



that test-code has the following option set, to avoid fragmentation:

     SSL_set_options(tc->ssl, SSL_OP_NO_QUERY_MTU);
     DTLS_set_link_mtu(tc->ssl, 1480);


please note that dropping Packet #1, #2 and #3 works as expected.
but dropping the final packet (packet #4) does not work.

Thanks - I've figured it out. This is a manifestation of a known issue
with retransmits in 1.0.2a. It will be fixed in 1.0.2b. I have attached
a patch for 1.0.2a which should solve your problems for now.

The relevant 1.0.2 commits that fix this are here:
https://github.com/openssl/openssl/commit/a20718fa2c0a45e6acb975cf6c0438c3ebd45b13

and here:
https://github.com/openssl/openssl/commit/4285b851637a3da8bd6e96848f0deffb6be5e626



Matt,

thank you for the fast response and patches :)


I can confirm that 1.0.2a + patches above fixes the DTLS packet-loss issue.


keep up the good work guys!




/alfred