Re: DTLS-over-UDP client example

Hello!

17.09.2018, 16:26, "Richard Weinberger" <richard.weinberger@xxxxxxxxx>:
> On Thu, Sep 13, 2018 at 3:51 PM <aleksandr.derevianko@xxxxxxxxxxx> wrote:
>>  I tried to dig inside openssl s_client source code, but it's really too complex for me, it seems like s_client doesn't use
>>  SSL_connect, instead, using more low-level functions.
>>
>>  So, does anybody have any simple client-side implementation of DTLS over UDP connection?
>
> https://web.archive.org/web/20150806185102/http://sctp.fh-muenster.de:80/dtls/dtls_udp_echo.c
> ... is a good example.

Unfortunately, it's exactly this example which I use. You have pointed to a slightly different version,
but the only differences are:

	SSL_CTX_set_cookie_verify_cb(ctx, &verify_cookie);
instead of 
	SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie);

	ctx = SSL_CTX_new(DTLS_client_method());
instead of 
	ctx = SSL_CTX_new(DTLSv1_client_method());


I have tried it, works exactly the same.

In both versions, on client side cipher_list is:
	SSL_CTX_set_cipher_list(ctx, "eNULL:!MD5");

With such a list it works, but without encoding (data sent in cleartext, connection established as Cipher: NULL-SHA)

and if I remove eNULL on the client side, it doesn't connect - the server waits for a repeat of the client cookie forever.

At the same time,  "openssl s_client -dtls1   ..." connects fine, with Cipher: AES256-SHA

>
> In case you are on 1.1.x, please also see:
> https://mta.openssl.org/pipermail/openssl-users/2018-August/008498.html
>
> OpenSSL badly regressed in 1.1.x wrt. DTLS.
>

Actually, I use openssl-1.0.2o_2,1
Also, this "regression" is for a multi-threaded server, not for a single-threaded client.


-- 
Александр Деревянко/Aleksander Derevianko
Head of the New Hardware and Software Department
Бомбардье Транспортейшн (Сигнал)/Bombardier Transportation (Signal) Ltd.
T:   +74959255370 Ext. 265
M: +79859229755

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
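
The message above reports that the cipher string "eNULL:!MD5" negotiates NULL-SHA, so application data crosses the wire in cleartext. As an added example (not part of the original message, the referenced dtls_udp_echo.c, or OpenSSL itself), the following lint flags a cipher string before it reaches SSL_CTX_set_cipher_list(); the helper names are hypothetical, and the rules are a conservative simplification of the ciphers(1) syntax, not OpenSSL's own parser.

```c
#include <stdio.h>
#include <string.h>

/* eNULL and NULL are the aliases for the whole no-encryption class. */
static int is_alias(const char *p, size_t n)
{
    return (n == 5 && !memcmp(p, "eNULL", 5)) || (n == 4 && !memcmp(p, "NULL", 4));
}

/* A '+'-joined part selects NULL encryption: alias, COMPLEMENTOFALL, or a name like NULL-SHA. */
static int part_is_null(const char *p, size_t n)
{
    if (is_alias(p, n) || (n == 15 && !memcmp(p, "COMPLEMENTOFALL", 15)))
        return 1;
    for (size_t i = 0; i + 4 <= n; i++)
        if ((i == 0 || p[i - 1] == '-') && (i + 4 == n || p[i + 4] == '-') &&
            !memcmp(p + i, "NULL", 4))
            return 1;
    return 0;
}

/* Conservative lint (not OpenSSL's parser): 1 if `list` can enable suites
 * without encryption. '-' and '+' prefixed elements never add suites. */
int cipher_list_allows_null(const char *list)
{
    int adds = 0, killed = 0;
    for (const char *p = list; *p; ) {
        size_t len = strcspn(p, ":, ");            /* element separators */
        const char *tok = p, *next = p + len + (p[len] != '\0');
        char op = 0;
        if (len && strchr("!-+", *tok)) { op = *tok++; len--; }
        int hit = 0;
        for (size_t s = 0, e; s <= len; s = e + 1) {   /* inner '+' is logical AND */
            for (e = s; e < len && tok[e] != '+'; e++) { /* find end of part */ }
            hit |= part_is_null(tok + s, e - s);
        }
        if (op == '!' && is_alias(tok, len)) killed = 1;  /* '!' deletes permanently */
        if (op == 0 && hit) adds = 1;                     /* plain element adds suites */
        p = next;
    }
    return adds && !killed;
}

int main(void)
{
    printf("%d\n", cipher_list_allows_null("eNULL:!MD5"));  /* list from the thread */
    printf("%d\n", cipher_list_allows_null("AES256-SHA"));  /* constructed sample */
    return 0;
}
```

A string-level lint complements, but does not replace, checking the negotiated suite after the handshake, for example with SSL_CIPHER_get_bits(SSL_get_current_cipher(ssl), NULL) returning 0 for NULL-SHA.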



