As far as I remember the DTLS support in 0.9.8 is full of bugs and I would not recommend using it at all. That version has also been unsupported for a long time and is full of security issues of various severity unless you use some vendor package which has backported security patches.

Tomas Mraz, OpenSSL

On Thu, 2023-05-18 at 14:27 -0500, ed sandberg wrote:
> I am unable to get openssl 0.9.8 to work with dtls. I am able to start a
> server with 1.1.1b like this:
>
> ./openssl-1.1.1b/apps/openssl s_server -key ./rsa2048_key.pem -cert ./rsa2048_cert.pem -CAfile ./rsa2048_cert.pem -accept 30005 -dtls1 -timeout -mtu 5000
>
> it works as I expect it to. Both netstat and nmap show the port is bound
> and listening and the server responds to clients.
>
> If I start the server the same way with 0.9.8 (I tried versions k and za):
>
> $ ./openssl-0.9.8za/apps/openssl s_server -key ./rsa2048_key.pem -cert ./rsa2048_cert.pem -CAfile ./rsa2048_cert.pem -accept 30005 -dtls1 -timeout -mtu 5000
>
> I get no error, the command continues to run as though it were waiting
> for connections but it is not actually listening. Nmap reports the port
> is closed and netstat does not list the port as bound:
>
> $ netstat -n --udp --listen
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address           Foreign Address         State
> udp        0      0 0.0.0.0:5353            0.0.0.0:*
> udp        0      0 127.0.0.53:53           0.0.0.0:*
> udp        0      0 0.0.0.0:41130           0.0.0.0:*
> udp        0      0 0.0.0.0:631             0.0.0.0:*
> udp6       0      0 :::5353                 :::*
> udp6       0      0 :::58796                :::*
> udp6       0      0 :::6666                 :::*
>
> $ sudo nmap -sU -p30005 127.0.0.1
> Starting Nmap 7.80 ( https://nmap.org ) at 2023-05-18 14:07 CDT
> Nmap scan report for localhost (127.0.0.1)
> Host is up (0.000036s latency).
>
> PORT      STATE  SERVICE
> 30005/udp closed unknown
>
> Is my command incorrect for v0.9.8? If so can someone please provide a
> correct example?
>
> Thanks!

--
Tomáš Mráz, OpenSSL