DTLSv1_listen in non-blocking

2011-02-09 Thread Nilesh Vaghela
I am using DTLSv1_listen with a non-blocking underlying socket layer. I am using openssl-0.9.8o and I looked at the implementation. int dtls1_listen(SSL *s, struct sockaddr *client) { int ret; SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); s->d1->listen = 1; ret = SSL_accept(s); if (ret <= 0)

Re: OpenSSL Security Advisory: OCSP stapling vulnerability

2011-02-09 Thread Rob Stradling
Bodo, some comments inline... On Tuesday 08 Feb 2011 18:09:46 Bodo Moeller wrote: OpenSSL Security Advisory [8 February 2011] OCSP stapling vulnerability in OpenSSL snip Which applications are affected --- Applications are only affected if they act as a server

Re: DTLSv1_listen in non-blocking

2011-02-09 Thread Robin Seggelmann
Hi Nilesh, On Feb 9, 2011, at 4:05 AM, Nilesh Vaghela wrote: I am using DTLSv1_listen in non-blocking underlying socket layer. I am using openssl-0.9.8o and I looked at the implementation. Don't use any 0.9.8 release if you want to work with DTLS. There are a *lot* of bugs which are fixed

Re: OpenSSL Security Advisory: OCSP stapling vulnerability

2011-02-09 Thread Bodo Moeller
Thanks, Rob; I have updated the Security Advisory at http://www.openssl.org/news/secadv_20110208.txt. Bodo

OpenSSL v1.0.0 backward compatibility

2011-02-09 Thread kari.sulander
Hi, I'm interested to know if it is safe to upgrade our OpenSSL version from 0.9.8f to 1.0.0c without any issues in compatibility? So in practice the functionalities supported by the 0.9.8f should still be supported by the 1.0.0, is this the case? Also, what is the reason for keeping the

[openssl.org #2448] [1.0.0d] Typo in source files

2011-02-09 Thread Samuel LACAS via RT
Hi, I have just noticed that the word distribution was misspelled at several places in the source code (you have distr_u_bution instead). For the copyright notices, it is not very important, but it appears in some X.509v3 output messages. openssl-1.0.0d/crypto/bf/COPYRIGHT:copied and put under

Re: DTLSv1_listen in non-blocking

2011-02-09 Thread Nilesh Vaghela
Thanks Robin. Just wanted to give additional information that I am not implementing multi-threaded server as there can be thousands of connections. Having said that I would have to use select for both the fds (one listen socket and many connected sockets). With this model, do I still have to

Re: DTLSv1_listen in non-blocking

2011-02-09 Thread Nilesh Vaghela
Hi, Two more questions 1. I assume that >= 1.0.0a version has FIPS support for DTLS ? 2. What is the difference between 0.9.8 and 1.0.0 ? Assuming that a program tested with 0.9.8 (with FIPS) would work without any changes on 1.0.0. --Nilesh. I am using DTLSv1_listen in non-blocking

Re: DTLSv1_listen in non-blocking

2011-02-09 Thread Robin Seggelmann
Hi Nilesh, On 09.02.2011, at 17:15, Nilesh Vaghela wrote: Just wanted to give additional information that I am not implementing multi-threaded server as there can be thousands of connections. Having said that I would have to use select for both the fds (one listen socket and many

Re: DTLSv1_listen in non-blocking

2011-02-09 Thread Nilesh Vaghela
Hi, I just realized that maybe DTLSv1_get_timeout and handling the timeout is important because when the server sends Server Hello we need to get back the response within the timeout. Is that the right understanding ? If that is the case then in select I can not mix other fds as they may get activity before

Re: DTLSv1_listen in non-blocking

2011-02-09 Thread Nilesh Vaghela
Hi, One more question : How does DTLSv1_listen handle multiple ClientHellos at the same time, let us say multiple clients are connecting. It looks like until the hello session for one client is completed it can not start a hello session for another client. I understand it this way because we have