Hi Yogesh,

On 01.07.2011, at 00:59, Yogesh Chopra wrote:

> The setup is same as before (where traffic from server is blocked to
> client). The Server responds only once with a HELLO_VERIFY response
> for a HELLO request and then never sends a HELLO_VERIFY response for
> subsequent CLIENT HELLO messages
>
> CLIENT                          SERVER
> HELLO --->
>                                 HELLO_VERIFY (For
>                                 First request)
>
> Post first request
>
> HELLO --->
>                                 There is no response from
>                                 SERVER

I tried to reproduce this behavior, but my DTLS programs (available on sctp.fh-muenster.de) behave as expected. The server responds to every ClientHello with a HelloVerifyRequest, which will be dropped due to a firewall policy. The client keeps repeating until I remove the fw policy, after which the handshake will be completed immediately.

Is it possible that your application does not handle this correctly? Are you using DTLSv1_listen() and calling it again and again until it returns 1? That may not be the case, because the second ClientHello as a response to a HelloVerifyRequest is necessary for this call to return successfully, before you can create a new socket for the new connection and complete the handshake for it.

Please have a look at the programs on our website. Maybe you can provide an excerpt of your code which handles incoming connections.

Best regards
Robin
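The exchange discussed in this message, as an added example that is not part of the original e-mail and is not OpenSSL code: a small model of a stateless cookie listener that answers every cookie-less ClientHello with a HelloVerifyRequest and reports success only for a ClientHello echoing a valid cookie. The names `listen_step` and `run_handshake`, the message dictionaries and the peer address are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

SECRET = os.urandom(32)  # server-side cookie secret, constructed for this example


def make_cookie(peer):
    """MAC over the peer address, so the server keeps no per-client state.
    Simplification: a real DTLS cookie also covers ClientHello parameters."""
    return hmac.new(SECRET, repr(peer).encode(), hashlib.sha256).digest()


def listen_step(peer, client_hello):
    """Model of one listen call handling one incoming ClientHello.

    Returns (accepted, reply). accepted is True only when the ClientHello
    echoes a valid cookie; otherwise reply is a fresh HelloVerifyRequest.
    """
    cookie = client_hello.get("cookie")
    if cookie is not None and hmac.compare_digest(cookie, make_cookie(peer)):
        return True, None
    return False, {"type": "HelloVerifyRequest", "cookie": make_cookie(peer)}


def run_handshake(peer, firewall_drops):
    """Client retransmits until a HelloVerifyRequest gets through.

    firewall_drops: number of server replies dropped before the firewall
    policy is removed. Returns (client_hellos_sent, hello_verify_requests_sent).
    """
    hellos = hvrs = 0
    hello = {"type": "ClientHello", "cookie": None}
    while True:  # the application calls the listen step again and again
        hellos += 1
        accepted, reply = listen_step(peer, hello)
        if accepted:
            return hellos, hvrs
        hvrs += 1
        if hvrs > firewall_drops:  # this reply reached the client
            hello = {"type": "ClientHello", "cookie": reply["cookie"]}
        # otherwise the reply was dropped and the client resends the same hello


if __name__ == "__main__":
    # Constructed peer address from the documentation range.
    print(run_handshake(("192.0.2.10", 4433), firewall_drops=3))
```

Because the cookie is recomputed from the secret and the peer address on each call, the listener has nothing to remember between ClientHellos, which is why a server that stops answering after the first request points at the application's accept loop rather than at the cookie mechanism.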