1 Topic by jakeru

(3 replies, posted in wolfSSL)

We are evaluating wolfSSL embedded SSL version 2.4.0 for DTLS and so far it works great but yesterday we found something strange. It looks like if the UDP packets does not arrive in the expected order to the client, the client fails to complete the negotiation.

The UDP packets that are sent between the client (c) and the server (s) are in our test case:
1. c->s client_hello
2. s->c hello_verify_request
3. c->s client_hello
4. s->c server_hello
    s->c certificate
    s->c certificate_request
    s->c server_hello_done
5. c->s certificate
... (the rest of the negiotion is not included here)

And the above works very well. The problem is if some packets in the same flight in step 4 arrives to the client in wrong order. As an example, if the packets in step 4 arrives in this order at the client:
4. server_hello_done
    certificate_request
    certificate
    server_hello 

Then, the client will fail to continue the negotiation process and will never send its certificate back to the server. Can you reproduce this scenario at your place? Is this a known issue? Is it something that will be fixed?

Go to forum: wolfSSL