Hi,

Using gnutls-cli version 3.3.8, I observed the following behaviour: if the handshake flight starting with (Client)Certificate and ending with (Client)Finished is lost (it is sent in a single UDP datagram), then gnutls-cli never retransmits it, and the handshake eventually times out after about 40 seconds.

The expected behaviour would be for the client to retransmit the lost flight.

The problem was observed using a UDP proxy that drops and delays packets pseudo-randomly. A capture of the failed handshake is available at:

https://elzevir.fr/tmp/gnutls-cli-not-resending-gnutls-serv.pcapng.gz

The server (gnutls-serv in this case) is listening on port 4433, and the proxy on port 5556. So, the communication as seen by the client can be obtained by filtering on udp.dstport == 5556 || udp.srcport == 5556 in wireshark.

The client's output ends with:

    - Successfully sent 0 certificate(s) to server.
    |<1>| Discarded replayed handshake packet with sequence 1
    [...]
    |<1>| Discarded replayed handshake packet with sequence 5
    *** Fatal error: The operation timed out
    *** Handshake has failed
    GnuTLS error: The operation timed out

Please let me know if you need more information about the problem. It's probably possible to reproduce it using dtls-stress from the GnuTLS test utilities, but I didn't try.

I never observed a similar behaviour (not retransmitting when needed) with gnutls-serv so far.

Regards,
Manuel.

_______________________________________________
Gnutls-help mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnutls-help
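The retransmission rule the report expects, as an added model that is not part of the original post or of GnuTLS: a DTLS 1.2 client in the WAITING state (RFC 6347 section 4.2.4) resends its last flight when its timer expires, and also when it sees the server repeat the previous flight, which is what the "Discarded replayed handshake packet" lines indicate the client was receiving. The timer values follow the RFC's recommendations, the 40 s deadline is taken from the report's observation, and `run_client` and its arguments are hypothetical names.

```python
"""Model of the DTLS 1.2 handshake retransmission rule (RFC 6347 4.2.4).
Constructed example, not GnuTLS code; timer values are the RFC's
recommended defaults and the overall deadline is an assumption."""

INITIAL_TIMER = 1.0        # seconds; RFC 6347 recommended initial value
MAX_TIMER = 60.0           # RFC 6347 upper bound for the doubling backoff
HANDSHAKE_TIMEOUT = 40.0   # assumed overall deadline, as observed in the report

# The client flight from the report, sent in one datagram.
CLIENT_FLIGHT = ("Certificate", "ClientKeyExchange", "CertificateVerify",
                 "ChangeCipherSpec", "Finished")


def run_client(lost_attempts, replayed_server_flight=(), timer_retransmit=True):
    """Simulate the client after sending CLIENT_FLIGHT over a lossy link.

    lost_attempts: set of attempt numbers whose datagram the link drops.
    replayed_server_flight: times (s) at which the server's previous flight
        is seen again; a conforming client treats this as a retransmit trigger.
    timer_retransmit: False reproduces the reported behaviour (wait until the
        overall timeout without ever resending).
    Returns dict(completed, elapsed, attempts, log)."""
    timer, elapsed, attempt, log = INITIAL_TIMER, 0.0, 0, []
    pending = sorted(replayed_server_flight)
    while elapsed < HANDSHAKE_TIMEOUT:
        attempt += 1
        log.append(f"t={elapsed:g}s send {len(CLIENT_FLIGHT)}-message flight, attempt {attempt}")
        if attempt not in lost_attempts:
            log.append(f"t={elapsed:g}s server ChangeCipherSpec/Finished received")
            return {"completed": True, "elapsed": elapsed, "attempts": attempt, "log": log}
        # Flight lost: wait for a replayed server flight or for timer expiry.
        deadline = elapsed + timer
        if pending and pending[0] < deadline:
            elapsed = pending.pop(0)
            log.append(f"t={elapsed:g}s replayed server flight discarded -> retransmit")
            continue          # timer left unchanged (modelling assumption)
        elapsed = min(deadline, HANDSHAKE_TIMEOUT)
        if not timer_retransmit:
            log.append(f"t={elapsed:g}s timer expired but nothing resent (reported behaviour)")
            return {"completed": False, "elapsed": HANDSHAKE_TIMEOUT, "attempts": attempt, "log": log}
        timer = min(timer * 2, MAX_TIMER)
        log.append(f"t={elapsed:g}s timer expired -> retransmit, next timer {timer:g}s")
    log.append(f"t={elapsed:g}s handshake timed out")
    return {"completed": False, "elapsed": elapsed, "attempts": attempt, "log": log}


if __name__ == "__main__":
    for line in run_client({1, 2})["log"]:
        print(line)
```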
