Hi,
While writing a DTLS server using DTLSv1_listen(), I found that when I receive a fragmented ClientHello from the client, the DTLS handshake fails. DTLSv1_listen() gets stuck in the while loop (in the app).
When I checked the man page of DTLSv1_listen(), it clearly says that the API does not handle a fragmented ClientHello, as it operates entirely statelessly (a safeguard against DoS attacks?).
However, the DTLS RFC clearly states that an implementation must handle fragmented handshake messages:
RFC 4347 Datagram Transport Layer Security:
“When a DTLS implementation receives a handshake message fragment, it MUST buffer it until it has the entire handshake message.”
Is avoiding the fragmented ClientHello the only way out of this problem, or do any other alternatives exist?
Regards,
Vijay
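The tension in the post is between a stateless listener (nothing can be buffered before the cookie exchange proves the peer's address, which is what keeps DTLSv1_listen() from being a memory-exhaustion target) and the RFC's buffering requirement. The following added example, which is not from the original post and not OpenSSL code, parses the 12-byte DTLS handshake fragment header from RFC 4347 section 4.2.2 and shows both policies side by side: the "whole message in one record" check that a stateless listener is limited to, and a per-peer reassembler that buffers fragments but caps the memory a single peer may claim. The function and class names (parse_fragment, stateless_is_complete, FragmentReassembler, make_fragments) and the sample ClientHello bytes are constructed for illustration.

```python
"""DTLS handshake fragment parsing, a stateless completeness check, and a
capped per-peer reassembler. Added example; not from the post or OpenSSL."""
import struct
from dataclasses import dataclass

# RFC 4347 handshake header: msg_type(1) length(3) message_seq(2)
# fragment_offset(3) fragment_length(3) = 12 bytes. 24-bit fields are read as 3s.
HANDSHAKE_HDR = struct.Struct("!B3sH3s3s")
CLIENT_HELLO = 1  # HandshakeType client_hello


@dataclass
class Fragment:
    msg_type: int
    length: int      # total length of the whole handshake message
    msg_seq: int
    frag_off: int    # offset of this fragment within the message
    frag_len: int
    body: bytes


def parse_fragment(data: bytes) -> Fragment:
    """Parse one handshake fragment (header + body) out of a record payload."""
    if len(data) < HANDSHAKE_HDR.size:
        raise ValueError("short handshake header")
    msg_type, length, seq, off, flen = HANDSHAKE_HDR.unpack_from(data)
    length = int.from_bytes(length, "big")
    off = int.from_bytes(off, "big")
    flen = int.from_bytes(flen, "big")
    body = data[HANDSHAKE_HDR.size:HANDSHAKE_HDR.size + flen]
    # Reject fragments whose declared geometry does not fit the message.
    if len(body) != flen or off + flen > length:
        raise ValueError("fragment does not fit its declared message length")
    return Fragment(msg_type, length, seq, off, flen, body)


def stateless_is_complete(frag: Fragment) -> bool:
    """What a stateless listener can accept without keeping any per-peer
    state: the entire message must arrive in a single fragment."""
    return frag.frag_off == 0 and frag.frag_len == frag.length


class FragmentReassembler:
    """Per-peer buffering of one in-flight handshake message, as the RFC
    requires once the server is willing to hold state for the peer.
    max_buffered bounds the memory one peer can make the server allocate."""

    def __init__(self, max_buffered: int = 16 * 1024):
        self.max_buffered = max_buffered
        self.peers = {}  # peer id -> {"seq", "length", "buf", "have"}

    def add(self, peer, frag: Fragment):
        """Return the complete message body once every byte has been seen,
        otherwise None. Out-of-order, duplicate and overlapping fragments
        are tolerated because coverage is tracked per byte."""
        # Check the cap before allocating anything for the declared length.
        if frag.length > self.max_buffered:
            self.peers.pop(peer, None)
            raise MemoryError("declared message length exceeds buffer cap")
        state = self.peers.get(peer)
        # A new message_seq (or a conflicting length) starts a fresh buffer.
        if state is None or state["seq"] != frag.msg_seq or state["length"] != frag.length:
            state = {"seq": frag.msg_seq, "length": frag.length,
                     "buf": bytearray(frag.length), "have": bytearray(frag.length)}
            self.peers[peer] = state
        end = frag.frag_off + frag.frag_len
        state["buf"][frag.frag_off:end] = frag.body
        state["have"][frag.frag_off:end] = b"\x01" * frag.frag_len
        if all(state["have"]):
            del self.peers[peer]
            return bytes(state["buf"])
        return None


def make_fragments(msg_type: int, msg_seq: int, body: bytes, chunk: int):
    """Split one handshake message into wire-format fragments of at most
    `chunk` body bytes (constructed input for exercising the code above)."""
    out = []
    for off in range(0, len(body), chunk):
        piece = body[off:off + chunk]
        hdr = HANDSHAKE_HDR.pack(msg_type, len(body).to_bytes(3, "big"), msg_seq,
                                 off.to_bytes(3, "big"), len(piece).to_bytes(3, "big"))
        out.append(hdr + piece)
    return out


if __name__ == "__main__":
    hello = bytes(range(256)) * 2            # constructed 512-byte ClientHello body
    frags = make_fragments(CLIENT_HELLO, 0, hello, 200)
    print("stateless accepts first fragment:", stateless_is_complete(parse_fragment(frags[0])))
    r = FragmentReassembler()
    for f in (frags[2], frags[0], frags[1]):  # deliberately out of order
        done = r.add("192.0.2.1:5000", parse_fragment(f))
    print("reassembled correctly:", done == hello)
```

The per-byte coverage map is what makes the reassembler robust to retransmissions, but it is also exactly the state a stateless listener refuses to keep: before the cookie exchange, every entry in `peers` would be memory handed to an unverified source address, which is why the cap on declared length is checked before any allocation. A production server would also bound the number of peers with buffers outstanding and expire idle entries.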
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users