Thanks Tomas,
I am aware of the bugs and security issues. I am not trying to use it in
production.
I need it to function for some testing.
On 5/19/23 02:22, Tomas Mraz wrote:
As far as I remember the DTLS support in 0.9.8 is full of bugs and I
would not recommend to use it at all.
That version is also unsupported for a long time and full of security
issues of various severity unless you use some vendor package which has
backported security patches.
Tomas Mraz, OpenSSL
On Thu, 2023-05-18 at 14:27 -0500, ed sandberg wrote:
I am unable to get openssl 0.9.8 to work with dtls. I am able to start a
server with 1.1.1b like this:
./openssl-1.1.1b/apps/openssl s_server -key ./rsa2048_key.pem -cert ./rsa2048_cert.pem -CAfile ./rsa2048_cert.pem -accept 30005 -dtls1 -timeout -mtu 5000
it works as I expect it to. Both netstat and nmap show the port is bound
and listening and the server responds to clients.
If I start the server the same way with 0.9.8 (I tried versions k and za):
$ ./openssl-0.9.8za/apps/openssl s_server -key ./rsa2048_key.pem -cert ./rsa2048_cert.pem -CAfile ./rsa2048_cert.pem -accept 30005 -dtls1 -timeout -mtu 5000
I get no error, the command continues to run as though it were waiting
for connections but it is not actually listening. Nmap reports the port
is closed and netstat does not list the port as bound:
$ netstat -n --udp --listen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 0.0.0.0:5353 0.0.0.0:*
udp 0 0 127.0.0.53:53 0.0.0.0:*
udp 0 0 0.0.0.0:41130 0.0.0.0:*
udp 0 0 0.0.0.0:631 0.0.0.0:*
udp6 0 0 :::5353 :::*
udp6 0 0 :::58796 :::*
udp6 0 0 :::6666 :::*
$ sudo nmap -sU -p30005 127.0.0.1
Starting Nmap 7.80 ( https://nmap.org ) at 2023-05-18 14:07 CDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000036s latency).
PORT STATE SERVICE
30005/udp closed unknown
Is my command incorrect for v0.9.8? If so can someone please provide a
correct example?
Thanks!
--
Edward Sandberg
Galois, Inc