On Wed, Oct 1, 2014 at 12:11 AM, Manuel Pégourié-Gonnard <[email protected]> wrote:
> Hi,
>
> Using gnutls-cli version 3.3.8, I observed the following behaviour: if the
> handshake flight starting with (Client)Certificate and ending with
> (Client)Finished is lost (it is sent in a single UDP datagram), then gnutls-cli
> never retransmits it, and the handshake eventually times out after about 40
> seconds.
>
> The expected behaviour would be for the client to retransmit the lost flight.
> The problem was observed using a UDP proxy that drops and delays packets
> pseudo-randomly. A capture of the failed handshake is available at:
> https://elzevir.fr/tmp/gnutls-cli-not-resending-gnutls-serv.pcapng.gz

Interesting. There is the dtls-stress tool to reproduce that scenario and I tried:

./dtls-stress -full -shello 01234 -sfinished 01 -cfinished 01234 CCertificate CKeyExchange CCertificateVerify CChangeCipherSpec CFinished -d 6

which filters the same packets as in your scenario, but everything goes well. The packets are filtered and retransmitted. Could you send me the full gnutls-cli log with -d 6 when the packets don't get sent?

regards,
Nikos
