On 01/06/15 16:29, Matt Caswell wrote:
>
> On 01/06/15 12:52, Alfred E. Heggestad wrote:
>> Hey Matt,
>>
>> openssl version 1.0.2a on both sides (Client and Server)
>>
>>> Are you also running OpenSSL on the server side (and if so which version
>>> there)?
>>>
>>> The error message suggests that the NewSessionTicket message that has
>>> been received by the client is incorrectly formatted.
>>>
>>> A packet capture for a problem handshake might help diagnose the problem
>>> further.
>>
>> please see the attached PCAP file, in this case Packet #4 is dropped
>> internally in the software (to simulate Packet-loss).
>>
>> that test-code has the following option set, to avoid fragmentation:
>>
>>     SSL_set_options(tc->ssl, SSL_OP_NO_QUERY_MTU);
>>     DTLS_set_link_mtu(tc->ssl, 1480);
>>
>> please note that dropping Packet #1, #2 and #3 works as expected.
>> but dropping the final packet (packet #4) does not work.
>
> Thanks - I've figured it out. This is a manifestation of a known issue
> with retransmits in 1.0.2a. It will be fixed in 1.0.2b. I have attached
> a patch for 1.0.2a which should solve your problems for now.
>
> The relevant 1.0.2 commits that fix this are here:
> https://github.com/openssl/openssl/commit/a20718fa2c0a45e6acb975cf6c0438c3ebd45b13
>
> and here:
> https://github.com/openssl/openssl/commit/4285b851637a3da8bd6e96848f0deffb6be5e626
>

Matt,

thank you for the fast response and patches :)

I can confirm that 1.0.2a + patches above fixes the DTLS packet-loss issue.

keep up the good work guys!

/alfred