DTLS server records repeated


DTLS server records repeated

Michael Richardson

I'm capturing from my DTLS client and server, with CoAP running on top.
I've been debugging some ruby-level I/O buffering issues.
I noticed this while capturing, and used tshark to get this printout.
(I've added columns for port numbers)

  2  66.009171          ::2 35345 ::2          5684 DTLSv1.0 263 Client Hello
  3  66.009494          ::2 5684 ::2          35345 DTLSv1.0 122 Hello Verify Request
  4  66.009798          ::2 35345 ::2          5684 DTLSv1.0 295 Client Hello
  5  66.011771          ::2 5684 ::2          35345 DTLSv1.2 810 Server Hello, Certificate, Server Key Exchange[Malformed Packet]

The Hello/Verify/Hello makes complete sense.
tshark claims there is a malformed packet, but it seems to be the opinion
of wireshark/tshark 1.12.1, as 2.2.6 (on my desktop vs laptop)
has no problem with the packet.

But, why are the Server Hello, Certificate and ServerKeyExchange then
repeated in another three packets?  The sequence numbers in the DTLS header
seem to increment as well.  It's like some PMTU detector is getting confused
and trying to send again.

  6  67.037421          ::2 5684 ::2          35345 DTLSv1.2 148 Server Hello
  7  67.037453          ::2 5684 ::2          35345 DTLSv1.2 562 Certificate
  8  67.037468          ::2 5684 ::2          35345 DTLSv1.2 199 Server Key Exchange[Malformed Packet]

And then things proceed, apparently just fine.

  9  67.037482          ::2 5684 ::2          35345 DTLSv1.2 87 Server Hello Done

 10  67.037518          ::2 35345 ::2          5684 DTLSv1.0 295 Client Hello
 11  67.041860          ::2 35345 ::2          5684 DTLSv1.2 195 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
 12  67.044257          ::2 5684 ::2          35345 DTLSv1.2 328 New Session Ticket, Change Cipher Spec, Encrypted Handshake Message
 13  67.044909          ::2 35345 ::2          5684 DTLSv1.2 135 Application Data
 14  67.056746          ::2 5684 ::2          35345 DTLSv1.2 111 Application Data

http://junk.sandelman.ca/junk/dtls1.pcap if you want to see more details.


--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     [hidden email]  http://www.sandelman.ca/        |   ruby on rails    [


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


Re: DTLS server records repeated

Matt Caswell-2


On 21/02/18 21:38, Michael Richardson wrote:

>
> I'm capturing from my DTLS client and server, with CoAP running on top.
> I've been debugging some ruby-level I/O buffering issues.
> I noticed this while capturing, and used tshark to get this print out.
> (I've added columns for port numbers)
>
>   2  66.009171          ::2 35345 ::2          5684 DTLSv1.0 263 Client Hello
>   3  66.009494          ::2 5684 ::2          35345 DTLSv1.0 122 Hello Verify Request
>   4  66.009798          ::2 35345 ::2          5684 DTLSv1.0 295 Client Hello
>   5  66.011771          ::2 5684 ::2          35345 DTLSv1.2 810 Server Hello, Certificate, Server Key Exchange[Malformed Packet]

The Server Hello Done seems to be missing from this sequence. Perhaps
dropped somewhere en-route?

>
>   6  67.037421          ::2 5684 ::2          35345 DTLSv1.2 148 Server Hello
>   7  67.037453          ::2 5684 ::2          35345 DTLSv1.2 562 Certificate
>   8  67.037468          ::2 5684 ::2          35345 DTLSv1.2 199 Server Key Exchange[Malformed Packet]

The client is waiting for the Server Hello Done to arrive which seems to
have been dropped. Meanwhile the server is waiting for the client's
response to the flight of messages it just sent. After a timeout the
server retransmits its last flight (note the sudden increment in time
between the previous Server Key Exchange, and the second Server Hello).

>
> And then things proceed, apparently just fine.
>
>   9  67.037482          ::2 5684 ::2          35345 DTLSv1.2 87 Server Hello Done
>

This time the Server Hello Done has arrived.

>  10  67.037518          ::2 35345 ::2          5684 DTLSv1.0 295 Client Hello

This appears to be a retransmit on the client side. Probably the server
retransmit and the client retransmit crossed.

>  11  67.041860          ::2 35345 ::2          5684 DTLSv1.2 195 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message

Now the client has received the Server Hello Done it was waiting for and
the handshake can proceed.

Matt
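The retransmission pattern Matt describes (a complete server flight sent again after roughly one second, and a client Client Hello crossing it) can be picked out mechanically from a tshark summary. The script below is an added example, not code from the thread or from OpenSSL: it parses the summary lines quoted above (embedded verbatim so it runs without the pcap), treats a repeated handshake message in the same direction as a retransmission, exempts the cookie-bearing Client Hello that follows a Hello Verify Request, and reports the gap to the original transmission. The column layout it assumes is exactly the one printed above (frame, time, src, sport, dst, dport, protocol, length, info).

```python
import re
from dataclasses import dataclass

# The tshark summary lines quoted in the thread (frames 2-14), embedded so the
# script runs offline without fetching the pcap.
TSHARK_SUMMARY = """
  2  66.009171          ::2 35345 ::2          5684 DTLSv1.0 263 Client Hello
  3  66.009494          ::2 5684 ::2          35345 DTLSv1.0 122 Hello Verify Request
  4  66.009798          ::2 35345 ::2          5684 DTLSv1.0 295 Client Hello
  5  66.011771          ::2 5684 ::2          35345 DTLSv1.2 810 Server Hello, Certificate, Server Key Exchange[Malformed Packet]
  6  67.037421          ::2 5684 ::2          35345 DTLSv1.2 148 Server Hello
  7  67.037453          ::2 5684 ::2          35345 DTLSv1.2 562 Certificate
  8  67.037468          ::2 5684 ::2          35345 DTLSv1.2 199 Server Key Exchange[Malformed Packet]
  9  67.037482          ::2 5684 ::2          35345 DTLSv1.2 87 Server Hello Done
 10  67.037518          ::2 35345 ::2          5684 DTLSv1.0 295 Client Hello
 11  67.041860          ::2 35345 ::2          5684 DTLSv1.2 195 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
 12  67.044257          ::2 5684 ::2          35345 DTLSv1.2 328 New Session Ticket, Change Cipher Spec, Encrypted Handshake Message
 13  67.044909          ::2 35345 ::2          5684 DTLSv1.2 135 Application Data
 14  67.056746          ::2 5684 ::2          35345 DTLSv1.2 111 Application Data
"""

# One summary line in the column order printed in the thread (ports added by hand).
LINE_RE = re.compile(
    r"^\s*(?P<frame>\d+)\s+(?P<time>\d+\.\d+)\s+(?P<src>\S+)\s+(?P<sport>\d+)\s+"
    r"(?P<dst>\S+)\s+(?P<dport>\d+)\s+(?P<proto>DTLSv\S+)\s+(?P<length>\d+)\s+(?P<info>.*)$"
)

# Handshake-layer messages as tshark names them; Change Cipher Spec and
# Application Data are separate record types and are ignored here.
HANDSHAKE_MESSAGES = {
    "Client Hello", "Hello Verify Request", "Server Hello", "Certificate",
    "Server Key Exchange", "Server Hello Done", "Client Key Exchange",
    "New Session Ticket", "Encrypted Handshake Message",
}


@dataclass
class Frame:
    number: int
    time: float
    src: str          # "address.port"
    dst: str
    messages: list    # message names carried in this datagram


def parse_summary(text):
    """Turn tshark summary lines into Frame objects; non-matching lines are skipped."""
    frames = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Drop expert-info suffixes such as "[Malformed Packet]" before splitting.
        info = re.sub(r"\[.*?\]", "", m["info"])
        messages = [part.strip() for part in info.split(",") if part.strip()]
        frames.append(Frame(int(m["frame"]), float(m["time"]),
                            f'{m["src"]}.{m["sport"]}', f'{m["dst"]}.{m["dport"]}',
                            messages))
    return frames


def find_retransmissions(frames):
    """Return (frame, message, original_frame, gap_seconds) for every handshake
    message that repeats an earlier one sent in the same direction."""
    seen = {}    # (src, dst) -> {message name: (frame number, time)}
    hits = []
    for f in frames:
        table = seen.setdefault((f.src, f.dst), {})
        for msg in f.messages:
            if msg not in HANDSHAKE_MESSAGES:
                continue
            if msg in table:
                orig_no, orig_t = table[msg]
                hits.append((f.number, msg, orig_no, round(f.time - orig_t, 6)))
            else:
                table[msg] = (f.number, f.time)
            if msg == "Hello Verify Request":
                # RFC 6347 4.2.1: the peer answers with a fresh Client Hello carrying
                # the cookie, so the first Client Hello must not count as the original.
                seen.setdefault((f.dst, f.src), {}).pop("Client Hello", None)
    return hits


def first_frame_with(frames, message):
    """Frame number of the first datagram carrying `message`, or None."""
    for f in frames:
        if message in f.messages:
            return f.number
    return None


if __name__ == "__main__":
    frames = parse_summary(TSHARK_SUMMARY)
    for frame_no, msg, orig_no, gap in find_retransmissions(frames):
        print(f"frame {frame_no}: {msg} repeats frame {orig_no} after {gap:.3f}s")
    done = first_frame_with(frames, "Server Hello Done")
    print(f"Server Hello Done first seen in frame {done}")
```

Run against the quoted capture it reports frames 6, 7 and 8 as repeats of frame 5 and frame 10 as a repeat of frame 4, each about 1.03 s after the original, and shows that Server Hello Done first appears in frame 9, i.e. only in the retransmitted flight. The gap is consistent with the 1 second initial retransmit timer RFC 6347 recommends, which is what distinguishes a timer-driven retransmission from a PMTU probe or a replayed datagram; for the latter you would compare record bytes and epoch/sequence numbers in the pcap rather than the summary text.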
