Surprising behaviour of DTLSv1_listen

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Surprising behaviour of DTLSv1_listen

Detlef Vollmann
Hello,

if I do:
     // ctx is setup with certificate, key and cookie callbacks
     BIO *bio = BIO_new_dgram(sock, BIO_NOCLOSE);
     SSL *ssl = SSL_new(ctx);
     SSL_set_bio(ssl, bio, bio.get());
     DTLS_set_link_mtu(ssl, 1000);
     SSL_set_options(ssl, SSL_OP_COOKIE_EXCHANGE);
     SSL_set_accept_state(ssl);
     SSL_accept(ssl);

then the MTU setting works as expected, i.e. the ServerHello
is split into two DTLS handshake fragments.

But if I do:
     BIO *bio = BIO_new_dgram(sock, BIO_NOCLOSE);
     SSL *ssl = SSL_new(ctx);
     SSL_set_bio(ssl, bio, bio.get());
     DTLS_set_link_mtu(ssl, 1000);
     SSL_set_options(ssl, SSL_OP_COOKIE_EXCHANGE);
     SSL_set_accept_state(ssl);
     DTLSv1_listen(ssl, addr.get());
     SSL_accept(ssl);

then the ServerHello is sent as a single packet (>1500 bytes).

I think the reason is that DTLSv1_listen() internally
calls SSL_clear().
I find this pretty surprising.

I personally don't really care too much, as I'll do my
own cookie handshake without DTLSv1_listen() before I
call SSL_accept(), but I thought I'd report it anyway.

   Detlef