Hello ! I'm completely new to openssl, but really need to implement simple application which will use DTLS over UDP.
Unfortunelly, it seems that all examples which I can find, correctly implement DTLS server, but not implement DTLS client side. For example, this one: https://github.com/nplab/DTLS-Examples/blob/master/src/dtls_udp_echo.c implement both client and server, but all connection from client to server have no encoding: SSL_CIPHER_get_name(SSL_get_current_cipher(ssl)) returns "NULL-SHA256"; It's because client side sets SSL_CTX_set_cipher_list(ctx, "eNULL:!MD5"); If I try to connect to the dtls_udp_echo application in server mode using openssl s_client, it connects successfully and with encoding enabled ("AES256-SHA"). If I change client side SSL_CTX_set_cipher_list to "ALL", or "AES256:SHA" - SSL_connect() on client hangs forever. I think, the reason is that server side require cookie exchange, and clients side doesn't implement it. At least, if I connect using openssl s_client, on server side both verify_cookie and generate_cookie was called. If I use example client, only generate_cookie was called. Client just hangs forever, sending packets to server every few seconds until timeout expired (~8 minutes) and return SSL_connect: Resource temporarily unavailable error:1413C138:SSL routines:dtls1_check_timeout_num:read timeout expired It seems for me that for DTLS connection, SSL_connect() doesn't implement cookies exchange. I tryed to dig inside openssl s_client source code, but it's really too complex for me, it seems like s_client doesn't use SSL_connect, instead, using more low-level functions. So, does anybody have any simple client-side implementation of DTLS over UDP connection? -- Александр Деревянко/Aleksander Derevianko Нач. отдела новых аппаратно-программных средств Бомбардье Транспортейшн (Сигнал)/Bombardier Transportation (Signal) Ltd. T: +74959255370 Доб. 265 M: +79859229755 -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
