Hi Sebastian, which version of openssl are you using? 0.9.8 contains a lot of bugs regarding DTLS. (You can see a list of fixes at http://sctp.fh-muenster.de/dtls-patches.html). They are fixed in 1.0.? Do the same problems show up with 1.0.??
Best regards
Michael

On Sep 15, 2010, at 7:10 PM, Sebastian Proca wrote:

> Hello all,
>
> I need to check (test) if my Ubuntu 10.04 with OpenSSL really uses Datagram
> TLS connection to encrypt a certain UDP flow.
> Until now I found a way, using the s_server and s_client applications from
> apps/ directory to test if the DTLS capabilities are supported:
>
> 1) First generate the key:
> sudo openssl req -x509 -nodes -days 365 -newkey rsa:512 -subj '/C=CA/ST=ON/L=Ottawa/CN=www.madboa.com' -keyout /root/mycert.pem -out /root/mycert.pem
>
> 2) Start server:
> sudo openssl s_server -cert /root/mycert.pem -www -dtls1
>
> 3) Start the client (in another terminal):
> openssl s_client -connect 127.0.0.1:4433 -dtls1,
>
> but all that the client application returns is "CONNECTED(00000003)", also
> the server returns "ACCEPT".
>
> I used Wireshark to catch anything that would look like DTLS events, but
> nothing; so I can't be sure that DTLS of OpenSSL is really working.
> Could someone tell me another way of testing DTLS capabilities than this one?
> Or, do you think that this way of testing is enough to trust the good
> behaviour of this functionality?
>
> Thank you in advance,
> Sebastian
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
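One way to check a capture for what the question above asks, as an added example that is not part of the original emails: a parser for the 13-byte DTLS record header, run over UDP payloads taken from the flow. It assumes the payloads have already been extracted from a packet capture; the function names and the sample datagrams are constructed for illustration.

```python
import struct

# DTLS record header: type(1) version(2) epoch(2) sequence(6) length(2) = 13 bytes
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
# 0xFEFF = DTLS 1.0; 0x0100 = pre-standard value in old OpenSSL (DTLS1_BAD_VER)
VERSIONS = {0xFEFF: "DTLS 1.0", 0xFEFD: "DTLS 1.2", 0x0100: "DTLS1_BAD_VER"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 3: "hello_verify_request"}

def parse_dtls_records(payload):
    """Return the records in one UDP payload, or [] if it is not well-formed DTLS."""
    records, off = [], 0
    while off < len(payload):
        if len(payload) - off < 13:
            return []
        ctype, version, epoch = struct.unpack_from("!BHH", payload, off)
        seq = int.from_bytes(payload[off + 5:off + 11], "big")
        (length,) = struct.unpack_from("!H", payload, off + 11)
        body = payload[off + 13:off + 13 + length]
        if ctype not in CONTENT_TYPES or version not in VERSIONS or len(body) != length:
            return []
        rec = {"type": CONTENT_TYPES[ctype], "version": VERSIONS[version],
               "epoch": epoch, "seq": seq, "length": length}
        # Handshake bodies are readable only in epoch 0; later epochs are encrypted.
        if ctype == 22 and epoch == 0 and body:
            rec["handshake"] = HANDSHAKE_TYPES.get(body[0], "other(%d)" % body[0])
        records.append(rec)
        off += 13 + length
    return records

def summarize_flow(payloads):
    """Classify all UDP payloads of one flow."""
    parsed = [parse_dtls_records(p) for p in payloads]
    recs = [r for p in parsed for r in p]
    return {
        "non_dtls_datagrams": sum(1 for p in parsed if not p),
        "handshake_seen": any(r["type"] == "handshake" and r["epoch"] == 0 for r in recs),
        "protected_app_data": any(r["type"] == "application_data" and r["epoch"] >= 1 for r in recs),
    }

def _rec(ctype, epoch, seq, body, version=0xFEFF):
    header = struct.pack("!BHH", ctype, version, epoch) + seq.to_bytes(6, "big")
    return header + struct.pack("!H", len(body)) + body

# Constructed sample datagrams (bodies are zero-filled placeholders, not real messages).
SAMPLE = [
    _rec(22, 0, 0, b"\x01" + bytes(11)),                  # client_hello
    _rec(22, 0, 0, b"\x03" + bytes(11)),                  # hello_verify_request
    _rec(20, 0, 5, b"\x01") + _rec(22, 1, 0, bytes(48)),  # CCS + encrypted handshake
    _rec(23, 1, 1, bytes(64)),                            # encrypted application data
    b"GET / HTTP/1.0\r\n\r\n",                            # cleartext, not DTLS
]
```

A flow that is really protected shows a handshake in epoch 0 followed by application data in epoch 1 or later, and a `non_dtls_datagrams` count of zero.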