On 01/06/15 12:52, Alfred E. Heggestad wrote:
> Hey Matt,
>
> openssl version 1.0.2a on both sides (Client and Server)
>
>> Are you also running OpenSSL on the server side (and if so which version
>> there)?
>>
>> The error message suggests that the NewSessionTicket message that has
>> been received by the client is incorrectly formatted.
>>
>> A packet capture for a problem handshake might help diagnose the problem
>> further.
>>
>
> please see the attached PCAP file, in this case Packet #4 is dropped
> internally in the software (to simulate Packet-loss).
>
> that test-code has the following option set, to avoid fragmentation:
>
>     SSL_set_options(tc->ssl, SSL_OP_NO_QUERY_MTU);
>     DTLS_set_link_mtu(tc->ssl, 1480);
>
> please note that dropping Packet #1, #2 and #3 works as expected.
> but dropping the final packet (packet #4) does not work.

Thanks - I've figured it out. This is a manifestation of a known issue
with retransmits in 1.0.2a. It will be fixed in 1.0.2b. I have attached
a patch for 1.0.2a which should solve your problems for now.

The relevant 1.0.2 commits that fix this are here:
https://github.com/openssl/openssl/commit/a20718fa2c0a45e6acb975cf6c0438c3ebd45b13

and here:
https://github.com/openssl/openssl/commit/4285b851637a3da8bd6e96848f0deffb6be5e626

Matt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dtls-1.0.2a-retransmits.patch
Type: text/x-patch
Size: 3593 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150601/cab00d80/attachment-0001.bin>