Erlang/OTP ERL-920

DTLS server error on ClientHello re-transmission


    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: OTP-22.0-rc2
    • Fix Version/s: 22.1
    • Component/s: ssl
    • Labels: None

      Description

      If a DTLS client retransmits the Client Hello + Cookie packet (second handshake packet), the DTLS server fails with a bad_record_mac tls_alert. This only happens when using 'dtlsv1.2'.

      After the Client Hello + Cookie packet, the state in dtls_connection is certify.
      If this packet is re-transmitted, acceptable_record_versions/2 in next_dtls_record/3 returns [{254,253}], but the packet still has version {254,255}, which causes an alert and the handshake fails.

      Packet order that causes the error:
      Client Hello (sequence_number=0)
      Client Hello (sequence_number=1)
      Hello Verify Request
      Client Hello + Cookie (sequence_number=2)
      Client Hello + Cookie (sequence_number=3)

      As a workaround I'm always returning [{254,253},{254,255}] instead of calling acceptable_record_versions/2:

      next_dtls_record(Data, StateName,
                       #state{protocol_buffers = #protocol_buffers{dtls_record_buffer = Buf0,
                                                                   dtls_cipher_texts = CT0} = Buffers,
                              ssl_options = SslOpts} = State0) ->
          %% Workaround: accept both DTLS record-layer versions in every state
          %% instead of calling acceptable_record_versions/2 (StateName is no
          %% longer used here, so the compiler will warn about it).
          case dtls_record:get_dtls_records(Data, [{254,253},{254,255}], Buf0, SslOpts) of
              {Records, Buf1} ->
                  CT1 = CT0 ++ Records,
                  next_record(State0#state{protocol_buffers =
                                               Buffers#protocol_buffers{dtls_record_buffer = Buf1,
                                                                        dtls_cipher_texts = CT1}});
              #alert{} = Alert ->
                  Alert
          end.

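The failure described in this report, reduced to a constructed Erlang model added here (it is not the OTP dtls_connection or dtls_record code): it runs the retransmitted Client Hello + Cookie record through a strict per-state version check and through the reporter's accept-both-versions workaround. The hello-state rule, the record tuple shape and the alert term are assumptions of the model.

```erlang
%% Constructed model of the record-version check from ERL-920.
%% A record is modelled as {Version, SequenceNumber, Type}.
-module(erl920_model).
-export([acceptable_versions/2, filter_records/2, run/1]).

-define(DTLSV1,   {254,255}).   % record-layer version of the first ClientHellos
-define(DTLSV1_2, {254,253}).   % negotiated 'dtlsv1.2'

%% Strict rule, modelling acceptable_record_versions/2 as the report
%% describes it: only the negotiated version once the server has left
%% the hello state. (Accepting both versions in 'hello' is an assumption.)
acceptable_versions(hello, _Negotiated) -> [?DTLSV1, ?DTLSV1_2];
acceptable_versions(_State, Negotiated) -> [Negotiated].

%% Reporter's workaround: both versions regardless of state.
workaround_versions() -> [?DTLSV1_2, ?DTLSV1].

%% Stop at the first record whose version is not acceptable, mirroring
%% the #alert{} clause in next_dtls_record/3.
filter_records([], _Versions) ->
    ok;
filter_records([{Vsn, Seq, _Type} | Rest], Versions) ->
    case lists:member(Vsn, Versions) of
        true  -> filter_records(Rest, Versions);
        false -> {alert, {bad_version, Vsn, Seq}}
    end.

%% Packet order from the report: the second Client Hello + Cookie
%% (sequence_number=3) arrives while the server is already in 'certify'.
run(Mode) ->
    Negotiated = ?DTLSV1_2,
    Versions = case Mode of
                   strict     -> acceptable_versions(certify, Negotiated);
                   workaround -> workaround_versions()
               end,
    Retransmit = [{?DTLSV1, 3, client_hello_with_cookie}],
    filter_records(Retransmit, Versions).
```

erl920_model:run(strict) returns {alert,{bad_version,{254,255},3}}, the path that surfaces as the alert in the report, while erl920_model:run(workaround) returns ok.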

      People

      Assignee: otp_team_ps Team PS
      Reporter: benbro Ben B
      Votes: 1
      Watchers: 3
