There seems to be some confusion on the version number for DTLS.
Here is what RFC4347 says:
version
The version of the protocol being employed. This document
describes DTLS Version 1.0, which uses the version { 254, 255
}. The version value of 254.255 is the 1's complement of DTLS
Version 1.0. This maximal spacing between TLS and DTLS version
numbers ensures that records from the two protocols can be
easily distinguished. It should be noted that future on-the-wire
version numbers of DTLS are decreasing in value (while the true
version number is increasing in value.)
This paragraph is confusing. It first says "This document describes DTLS Version 1.0, which uses the version { 254, 255 }. ".
Then it says "The version value of 254.255 is the 1's complement of DTLS Version 1.0."
My interpretation of this is that the version number is { 254,255 }.
However, openssl 0.9.8 appear to interpret this as saying the version is { 01, 00 }
Can the authors please clarify?
thanks,
Rob
> List: openssl-users
> Subject: Re: errors in DTLS implementation in openssl0.9.8a
> From: Prashant Kumar <pkix2005 () yahoo ! com>
> Date: 2005-12-13 14:52:05
> Message-ID: 20051213145205.74076.qmail () web52008 ! mail ! yahoo ! com
> [Download message RAW]
>
> 16 01 00 for a DTLS handshake is the right code
>
> 16, Content type, and it is a handshake
>
> DTLS version is 01 00
>
> Thanks,
> Prashant.
>
> Eduardo PĂ©rez Ureta <[EMAIL PROTECTED]> wrote:
> Maybe you can try:
> http://www.aet.tu-cottbus.de/rt2/Ticket/Display.html?id=1245
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=335703
> This patch may fix the segmentation fault that I also confirm on
> openssl-0.9.8a running on linux-2.6.14/686
> Some developer should review that patch.
> (I'll try it later if nobody has)
>
> On 2005-12-10 16:38:16 +0000, robert dugal wrote:
> > Openssl 0.9.8a is incorrectly encoding the DTLS version as 0x01,0x00
> > instead of 0xfe,0xff
> > $ ./openssl s_client -dtls1 -debug
> > CONNECTED(00000003)
> > write to 0x5d3640 [0x5dd3f8] (119 bytes => 119 (0x77))
> > 0000 - 16 01 00 00 00 00 00 00-00 00 00 00 6a 01 00 00 ............j...
> >
> >
> >
> > Openssl 0.9.8a is incorrectly encoding the ChangeCipherSpec message as 3
> > bytes instead of 1 byte, including a 2 byte message sequence number.
> > $ ./openssl s_client -dtls1 -debug
> >
> > write to 0x5d3640 [0x5e2d80] (16 bytes => 16 (0x10))
> > 0000 - 14 01 00 00 00 00 00 00-00 00 03 00 03 01 00 03 ................
> > The first 13 bytes are the record header followed by the CCS which is 3
> > bytes: 01 00 03
> >
> > There is no MSN in the CCS. I had a lengthy discussion with Eric on this
> > topic and he was very clear that the CCS has no MSN and he did not want to
> > add it to the CCS.
> >
> >
> > I also discovered it is very easy to crash openssl or make the handshake
> > fail using the -mtu argument (testing on windows xp).
> >
> > ./openssl s_server -dtls1 -debug -mtu 100
> > ./openssl s_client -dtls1 -debug -mtu 100
> > - server Segmentation fault (core dumped)
> >
> > ./openssl s_server -dtls1 -debug -mtu 128
> > ./openssl s_client -dtls1 -debug -mtu 128
> > - server 888:error:143F8412:SSL routines:DTLS1_READ_BYTES:sslv3 alert bad
> > certificate
> > - client 4052:error:1409000D:SSL routines:SSL3_GET_SERVER_CERTIFICATE:ASN1
> > lib:s3_clnt.c
> >
> > ./openssl s_server -dtls1 -debug -mtu 256
> > ./openssl s_client -dtls1 -debug -mtu 256
> > - server DTLS1_READ_BYTES:sslv3 alert bad certificate
> > - client 3080:error:1409000D:SSL routines:SSL3_GET_SERVER_CERTIFICATE:ASN1
> > lib:s3_clnt.c
> >
> > ./openssl s_server -dtls1 -debug -mtu 512
> > ./openssl s_client -dtls1 -debug -mtu 512
> > - server SSL3_GET_FINISHED:digest check failed
> > - client handshake failure
