16 01 00 for a DTLS handshake is the right code
16, Content type, and it is a handshake
DTLS version is 01 00
Thanks,
Prashant.
Eduardo PĂ©rez Ureta <[EMAIL PROTECTED]> wrote:
Eduardo PĂ©rez Ureta <[EMAIL PROTECTED]> wrote:
Maybe you can try:
http://www.aet.tu-cottbus.de/rt2/Ticket/Display.html?id=1245
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=335703
This patch may fix the segmentation fault that I also confirm on
openssl-0.9.8a running on linux-2.6.14/686
Some developer should review that patch.
(I'll try it later if nobody has)
On 2005-12-10 16:38:16 +0000, robert dugal wrote:
> Openssl 0.9.8a is incorrectly encoding the DTLS version as 0x01,0x00
> instead of 0xfe,0xff
> $ ./openssl s_client -dtls1 -debug
> CONNECTED(00000003)
> write to 0x5d3640 [0x5dd3f8] (119 bytes => 119 (0x77))
> 0000 - 16 01 00 00 00 00 00 00-00 00 00 00 6a 01 00 00 ............j...
>
>
>
> Openssl 0.9.8a is incorrectly encoding the ChangeCipherSpec message as 3
> bytes instead of 1 byte, including a 2 byte message sequence number.
> $ ./openssl s_client -dtls1 -debug
>
> write to 0x5d3640 [0x5e2d80] (16 bytes => 16 (0x10))
> 0000 - 14 01 00 00 00 00 00 00-00 00 03 00 03 01 00 03 ................
> The first 13 bytes are the record header followed by the CCS which is 3
> bytes: 01 00 03
>
> There is no MSN in the CCS. I had a lengthy discussion with Eric on this
> topic and he was very clear that the CCS has no MSN and he did not want to
> add it to the CCS.
>
>
> I also discovered it is very easy to crash openssl or make the handshake
> fail using the -mtu argument (testing on windows xp).
>
> ./openssl s_server -dtls1 -debug -mtu 100
> ./openssl s_client -dtls1 -debug -mtu 100
> - server Segmentation fault (core dumped)
>
> ./openssl s_server -dtls1 -debug -mtu 128
> ./openssl s_client -dtls1 -debug -mtu 128
> - server 888:error:143F8412:SSL routines:DTLS1_READ_BYTES:sslv3 alert bad
> certificate
> - client 4052:error:1409000D:SSL routines:SSL3_GET_SERVER_CERTIFICATE:ASN1
> lib:s3_clnt.c
>
> ./openssl s_server -dtls1 -debug -mtu 256
> ./openssl s_client -dtls1 -debug -mtu 256
> - server DTLS1_READ_BYTES:sslv3 alert bad certificate
> - client 3080:error:1409000D:SSL routines:SSL3_GET_SERVER_CERTIFICATE:ASN1
> lib:s3_clnt.c
>
> ./openssl s_server -dtls1 -debug -mtu 512
> ./openssl s_client -dtls1 -debug -mtu 512
> - server SSL3_GET_FINISHED:digest check failed
> - client handshake failure
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Yahoo! Shopping
Find Great Deals on Holiday Gifts at Yahoo! Shopping
