On Thu, Feb 14, 2013, Joel Dice wrote:

> Hi all,
>
> I've been experimenting with the DTLS support in OpenSSL recently
> and discovered that my application was receiving garbage plaintext
> when packets were lost or reordered. Closer inspection suggested a
> possible cause: I was only enabling cipher suites which either used
> stream ciphers like RC4 or block ciphers like AES with block
> chaining. Although OpenSSL automatically disabled RC4, it did not
> disable AES with CBC, and I'm trying to understand how it's supposed
> to work.
>
> Although OpenSSL seems to allow CBC-based suites with DTLS, from
> what I've read a block in a CBC stream can't be properly decoded
> without the prior block being available
> (http://en.wikipedia.org/wiki/Cipher_block_chaining#Cipher-block_chaining_.28CBC.29).
> With that in mind, is it still reasonable to expect that a CBC-based
> suite would work with DTLS and an unreliable transport?
>
The format for CBC ciphers in DTLS (and TLS v1.1 and later) includes an explicit IV at the start of the record.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
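To see what the explicit IV buys, here is an added example (not code from the thread or from OpenSSL) that encrypts a sequence of records in CBC mode two ways: the DTLS / TLS 1.1+ way, where every record carries its own fresh IV, and the TLS 1.0 way, where the IV of record n is the last ciphertext block of record n-1. It then drops one record in transit and checks which of the remaining records still decrypt. The block cipher is a toy 4-round Feistel network built on HMAC-SHA256 standing in for AES so the script needs only the standard library; the key, IVs and record contents are constructed here, and the cipher is not secure.

```python
"""CBC over an unreliable transport: explicit per-record IV vs chained IV.

Added example, not code from the thread or from OpenSSL. The block cipher is a
toy Feistel construction standing in for AES (constructed, not secure).
"""
import hashlib
import hmac
import os

BLOCK = 16  # bytes, same block size as AES


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Round function of the toy cipher (constructed stand-in for AES).
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[: BLOCK // 2]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r


def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r


def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = block_encrypt(key, _xor(pt[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(ct), BLOCK):
        blk = ct[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, blk), prev))
        prev = blk
    return b"".join(out)


# --- DTLS / TLS 1.1+ style: each record carries its own random IV up front ---
def send_explicit_iv(key, records):
    wire = []
    for pt in records:
        iv = os.urandom(BLOCK)
        wire.append(iv + cbc_encrypt(key, iv, pt))
    return wire


def recv_explicit_iv(key, wire):
    # Every record is self-contained; nothing from earlier records is needed.
    return [cbc_decrypt(key, rec[:BLOCK], rec[BLOCK:]) for rec in wire]


# --- TLS 1.0 style: IV of record n is the last ciphertext block of record n-1 ---
def send_chained_iv(key, iv0, records):
    wire, prev = [], iv0
    for pt in records:
        ct = cbc_encrypt(key, prev, pt)
        wire.append(ct)
        prev = ct[-BLOCK:]
    return wire


def recv_chained_iv(key, iv0, wire):
    # The receiver chains from whatever it last *saw*, so a lost record
    # leaves its state out of step with the sender's.
    out, prev = [], iv0
    for ct in wire:
        out.append(cbc_decrypt(key, prev, ct))
        prev = ct[-BLOCK:]
    return out


# Constructed sample records, two blocks (32 bytes) each.
RECORDS = [f"record {n} ".encode().ljust(2 * BLOCK, b".") for n in range(4)]


def run_loss_experiment(drop=(1,)):
    """Send RECORDS both ways, drop the given indices in transit, and report per
    received record whether it decrypted (explicit IV, chained IV, chained per block)."""
    key = os.urandom(16)
    kept = [i for i in range(len(RECORDS)) if i not in drop]

    wire = send_explicit_iv(key, RECORDS)
    got = recv_explicit_iv(key, [wire[i] for i in kept])
    explicit_ok = [got[j] == RECORDS[i] for j, i in enumerate(kept)]

    iv0 = os.urandom(BLOCK)  # initial IV from the handshake (constructed)
    wire = send_chained_iv(key, iv0, RECORDS)
    got = recv_chained_iv(key, iv0, [wire[i] for i in kept])
    chained_ok = [got[j] == RECORDS[i] for j, i in enumerate(kept)]
    # CBC resynchronises after one block, so the damage in the chained scheme
    # is confined to the first block of the record that follows the gap.
    chained_blocks_ok = [[got[j][k:k + BLOCK] == RECORDS[i][k:k + BLOCK]
                          for k in range(0, 2 * BLOCK, BLOCK)] for j, i in enumerate(kept)]
    return explicit_ok, chained_ok, chained_blocks_ok


if __name__ == "__main__":
    e, c, cb = run_loss_experiment()
    print("explicit IV, record 1 lost:", e)
    print("chained IV,  record 1 lost:", c)
    print("chained IV, per block     :", cb)
```

With record 1 dropped, every record that arrives under the explicit-IV format decrypts correctly, because the receiver takes the IV from the record itself; under the chained format the record following the gap comes back with a garbage first block and a correct second block, since CBC only needs the previous ciphertext block and that block arrives inside the same record. That per-record independence is why DTLS can carry CBC suites over a transport that loses or reorders datagrams.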