DTLS and packet loss

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 01/06/15 11:39, Matt Caswell wrote:
>
>
> On 01/06/15 10:08, Alfred E. Heggestad wrote:
>> Hi,
>>
>> we are using OpenSSL to deploy DTLS-SRTP, Ref:
>>
>> http://www.creytiv.com/doxygen/re-dox/html/tls__udp_8c.html
>>
>>
>> it works really well, thanks for the good code.
>> one scenario that does not work so well, is when DTLS
>> is running in an environment with packet loss.
>> for example, we get this error message:
>>
>> 140735307322128:error:1411B09F:SSL
>> routines:ssl3_get_new_session_ticket:length mismatch:s3_clnt.c:2183:
>>
>>
>> any hints of where I should start looking ?
>
> Can you confirm which version of OpenSSL you are running?
>

Hey Matt,


openssl version 1.0.2a on both sides (Client and Server)


> Are you also running OpenSSL on the server side (and if so which version
> there)?
>
> The error message suggests that the NewSessionTicket message that has
> been received by the client is incorrectly formatted.
>
> A packet capture for a problem handshake might help diagnose the problem
> further.
>

please see the attached PCAP file, in this case Packet #4 is dropped internally
in the software (to simulate Packet-loss).



that test-code has the following option set, to avoid fragmentation:

	SSL_set_options(tc->ssl, SSL_OP_NO_QUERY_MTU);
	DTLS_set_link_mtu(tc->ssl, 1480);


please note that dropping Packet #1, #2 and #3 works as expected.
but dropping the final packet (packet #4) does not work.




/alfred

> Matt
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openssl_dtls_packet4_lost.pcap
Type: application/octet-stream
Size: 4636 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150601/39dcf8b7/attachment.obj>


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux