Hello all again,

Thank you for your reply, Michael! It really shed some more light on my issue here!

Well, until now, I used OpenSSL 0.9.8k; I didn't update until now because of dependencies created, trying to avoid instability of the system. Now that I have updated to version 1.0.0a, the behaviour of this test changed a bit, as you will see below:

1. I make the first step, generating the key as I did in the first mail.

2. Start the server:

    sudo openssl s_server -cert /root/mycert.pem -www -dtls1

but the output is changed (now, I'll put all of it):

    Using default temp DH parameters
    Using default temp ECDH parameters
    ACCEPT    /* This appears right after the server starts.

3. Start the client (in another terminal):

    openssl s_client -connect 127.0.0.1:4433 -dtls1

The output here, in the first instance, is this:

    CONNECTED(00000003)

After the client starts, more "ACCEPT" messages appear on the server's side, until the client timeout is reached. When the client reaches the timeout, the following message appears in the client's terminal:

    5315304:error:14129138:SSL routines:DTLS1_HANDLE_TIMEOUT:read timeout expired:d1_lib.c:351:
    5315304:error:1410C0E5:SSL routines:DTLS1_WRITE_APP_DATA_BYTES:ssl handshake failure:d1_pkt.c:1273:
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 0 bytes and written 1788 bytes
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol  : DTLSv1
        Cipher    : 0000
        Session-ID:
        Session-ID-ctx:
        Master-Key:
        Key-Arg   : None
        PSK identity: None
        PSK identity hint: None
        Start Time: 1284645962
        Timeout   : 7200 (sec)
        Verify return code: 0 (ok)
    ---

Seeing that, I thought that this is something related to my new OpenSSL installation; that's why I made the same test with "ssl2" instead of "dtls1", and it worked, so I guess that this is something nasty happening just in DTLS' case.

Is there something else that should be done here, or something I didn't do?

Best regards,
Sebastian Proca

--- On Wed, 9/15/10, Michael Tüxen <michael.tue...@lurchi.franken.de> wrote:

> From: Michael Tüxen <michael.tue...@lurchi.franken.de>
> Subject: Re: ubuntu testing dtls capabilities
> To: openssl-users@openssl.org
> Date: Wednesday, September 15, 2010, 1:45 PM
>
> Hi Sebastian,
>
> which version of openssl are you using? 0.9.8 contains
> a lot of bugs regarding DTLS. (You can see a list of fixes
> at http://sctp.fh-muenster.de/dtls-patches.html).
> They are fixed in 1.0.? Do the same problems show up with
> 1.0.??
>
> Best regards
> Michael
>
> On Sep 15, 2010, at 7:10 PM, Sebastian Proca wrote:
>
> > Hello all,
> >
> > I need to check (test) if my Ubuntu 10.04 with OpenSSL
> > really uses a Datagram TLS connection to encrypt a certain UDP
> > flow.
> > Until now I found a way, using the s_server and
> > s_client applications from the apps/ directory, to test if the
> > DTLS capabilities are supported:
> >
> > 1) First generate the key:
> > sudo openssl req -x509 -nodes -days 365 -newkey rsa:512 -subj '/C=CA/ST=ON/L=Ottawa/CN=www.madboa.com' -keyout /root/mycert.pem -out /root/mycert.pem
> >
> > 2) Start server:
> > sudo openssl s_server -cert /root/mycert.pem -www -dtls1
> >
> > 3) Start the client (in another terminal):
> > openssl s_client -connect 127.0.0.1:4433 -dtls1,
> >
> > but all that the client application returns is
> > "CONNECTED(00000003)", also the server returns "ACCEPT".
> >
> > I used wireshark to catch anything that would look
> > like DTLS events, but nothing; so I can't be sure that DTLS
> > of openssl is really working.
> > Could someone tell me another way of testing DTLS
> > capabilities than this one? Or, do you think that this way
> > of testing is enough to trust the good behaviour of this
> > functionality?
> >
> > Thank you in advance,
> > Sebastian

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
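
Added example, not part of the original thread and not OpenSSL code: one way to decide whether a captured UDP payload (for instance one exported from the Wireshark capture mentioned in the quoted message) really carries DTLS, by parsing the 13-byte DTLS record header from RFC 4347. The function names and both sample datagrams are constructed for illustration.

```python
import struct

# DTLS record header (RFC 4347, section 4.1): type, version, epoch,
# 48-bit sequence number (split 16+32 here), length = 13 bytes.
RECORD_HDR = struct.Struct("!BHHHIH")
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {0xFEFF: "DTLS 1.0", 0xFEFD: "DTLS 1.2"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello",
                   3: "hello_verify_request", 11: "certificate",
                   14: "server_hello_done", 16: "client_key_exchange"}


def parse_dtls_records(payload):
    """Return one dict per DTLS record in a UDP payload, or [] if it is not DTLS."""
    records, off = [], 0
    while off < len(payload):
        if len(payload) - off < RECORD_HDR.size:
            return []  # leftover bytes cannot hold a record header
        ctype, ver, epoch, seq_hi, seq_lo, length = RECORD_HDR.unpack_from(payload, off)
        body = payload[off + RECORD_HDR.size:off + RECORD_HDR.size + length]
        if ctype not in CONTENT_TYPES or ver not in VERSIONS or len(body) != length:
            return []  # unknown type/version or truncated record
        rec = {"type": CONTENT_TYPES[ctype], "version": VERSIONS[ver],
               "epoch": epoch, "seq": (seq_hi << 32) | seq_lo, "length": length}
        # Handshake bodies are cleartext only in epoch 0; the DTLS handshake header is 12 bytes.
        if ctype == 22 and epoch == 0 and length >= 12:
            rec["handshake"] = HANDSHAKE_TYPES.get(body[0], "other(%d)" % body[0])
        records.append(rec)
        off += RECORD_HDR.size + length
    return records


def build_record(ctype, version, epoch, seq, body):
    """Helper used only to construct the sample datagrams below."""
    return RECORD_HDR.pack(ctype, version, epoch, seq >> 32,
                           seq & 0xFFFFFFFF, len(body)) + body


# Constructed samples (not captured traffic): a minimal DTLS 1.0 ClientHello,
# and a plain-text UDP payload that must not be mistaken for DTLS.
_hello = bytes.fromhex("feff") + bytes(32) + b"\x00\x00" + b"\x00\x02\x00\x2f\x01\x00"
_hs = (b"\x01" + len(_hello).to_bytes(3, "big") + b"\x00\x00"
       + b"\x00\x00\x00" + len(_hello).to_bytes(3, "big") + _hello)
SAMPLE_CLIENT_HELLO = build_record(22, 0xFEFF, 0, 0, _hs)
SAMPLE_PLAIN_UDP = b"GET / HTTP/1.0\r\n\r\n"

if __name__ == "__main__":
    for name, data in [("client hello", SAMPLE_CLIENT_HELLO), ("plain", SAMPLE_PLAIN_UDP)]:
        print(name, parse_dtls_records(data))
```

A capture that shows only epoch 0 `client_hello` records from the client and nothing in return matches the "read 0 bytes" line in the s_client output above; records with a non-zero epoch only appear once a handshake has completed.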