Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DTLS client before server up #11

Open
VPBalaRama opened this issue May 29, 2020 · 1 comment
Open

DTLS client before server up #11

VPBalaRama opened this issue May 29, 2020 · 1 comment

Comments

@VPBalaRama
Copy link

Hi All,

I'm into a scenario, where the DTLS client starts and tries handshake before the server comes up. In this handshake fails, I used a timer to call handshake API after the timer expiry. As client tries handshake before the server up, earlier client hello is missed and after timer expiry, it is not starting from the "client hello". Due to this handshake is failing.

Below the flow diagram
3920-06-29 12:27:21.168000] [19936] FRMWRK DtlsClient::doDtlsHandshake called
DEBUG: [3920-06-29 12:27:21.168000] [19936] FRMWRK BaseSslContext::sslInfoCallback(): SSL_connect: before/connect initialization
DEBUG: [3920-06-29 12:27:21.168000] [19936] FRMWRK BaseSslContext::sslInfoCallback(): SSL_connect: SSLv3 write client hello A
DEBUG: [3920-06-29 12:27:21.168000] [19936] FRMWRK BaseSslContext::sslInfoCallback(): SSL_connect: ERROR: SSLv3 read server hello A (-1)
DEBUG: [3920-06-29 12:27:21.168000] [19936] FRMWRK BaseSslContext::sslInfoCallback(): SSL_connect: ERROR: SSLv3 read server hello A (-1)
DEBUG: [3920-06-29 12:27:21.168000] [19936] FRMWRK DtlsClient::Handshak failed with error message 10054 retrying..

after timer expiry of 500msec, by the time DTLS server running called async_handshake, but it is not starting with "client hello"
[3920-06-29 12:27:21.668000] [19936] FRMWRK DtlsClient::doDtlsHandshake called
DEBUG: [3920-06-29 12:27:21.668000] [19936] FRMWRK BaseSslContext::sslInfoCallback(): SSL_connect: ERROR: SSLv3 read server hello A (-1)

How to handle a scenario like this. is there any way to reset the socket before calling the async_handshake once again
@sdamm
Copy link
Owner

sdamm commented Jun 3, 2020

I haven't tested it, but you should be able to reset using the following:
SSL_clear(mysocket.native_handle());

From the openssl Documentation this sounds like the right thing, but from my understanding this should not be needed. As I understand the DTLS standard the handshake should be done in a "reliable transmission" i.e. there should be an automated retransmit if a packet is lost. So I would expect openssl to retransmit the Client Hello. I haven't looked into why this does not happen and haven't tried to reproduce it yet, so this might be a temporary/unnecessary workaround.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sdamm @VPBalaRama