Hello !
17.09.2018, 16:26, "Richard Weinberger" <richard.weinber...@gmail.com>:
> On Thu, Sep 13, 2018 at 3:51 PM <aleksandr.derevia...@btsignal.ru> wrote:
>> I tryed to dig inside openssl s_client source code, but it's really too
>> complex for me, it seems like s_client doesn't use
>> SSL_connect, instead, using more low-level functions.
>>
>> So, does anybody have any simple client-side implementation of DTLS over
>> UDP connection?
>
> https://web.archive.org/web/20150806185102/http://sctp.fh-muenster.de:80/dtls/dtls_udp_echo.c
> ... is a good example.
Unfortunelly, it's exactly this example which I use. You have pointed on
slightly different version,
but all difference is:
SSL_CTX_set_cookie_verify_cb(ctx, &verify_cookie);
instead of
SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie);
ctx = SSL_CTX_new(DTLS_client_method());
instead of
ctx = SSL_CTX_new(DTLSv1_client_method());
I have tryed it, works exactly the same.
In both versions, on client side cipher_list is:
SSL_CTX_set_cipher_list(ctx, "eNULL:!MD5");
With such list it works, but without encoding (data send in cleartext,
connection established as Cipher: NULL-SHA)
and if I remove eNULL on client side, it doesn't connect - server wait repeat
of client cookue forever.
At the same time, "openssl s_client -dtls1 ..." connects fine, with Cipher:
AES256-SHA
>
> In case you are on 1.1.x, please also see:
> https://mta.openssl.org/pipermail/openssl-users/2018-August/008498.html
>
> OpenSSL badly regressed in 1.1.x wrt. DTLS.
>
Actually, I use openssl-1.0.2o_2,1
Also, this "regression" is for multy-threaded server, not for single-threaded
client.
--
Александр Деревянко/Aleksander Derevianko
Нач. отдела новых аппаратно-программных средств
Бомбардье Транспортейшн (Сигнал)/Bombardier Transportation (Signal) Ltd.
T: +74959255370 Доб. 265
M: +79859229755
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
