Exhaustive DTLS handshake test

Nikos Mavrogiannopoulos nmav at gnutls.org
Sat Feb 11 18:37:49 CET 2012


On 02/11/2012 05:21 PM, Sean Buckheister wrote:


> as promised, I built a (more or less) exhaustive test for the DTLS
> handshake procedure. The test program will try all sensible permutations
> and drop varieties that could affect handshake flight. The rules are simple:
> * never touch ClientHello packets
> * permute the other flight atomically in some manner, don't span flights
> * drop packets as needed

> This gives us 6*2*6*256 = a boatload of long-running tests. I let the
> program run overnight, and the blocking DTLS handshake is indeed very
> stable: it always works, unless ServerHello flights are not permuted,
> but lost completely. [1]


Thank you. What happens if flights are permuted? I tried to run the
app and I got:
<client tls> An unexpected TLS packet was received. (fatal)
-- ServerHello(012), ServerFinished(01), ClientFinished(012) :-

I'll try to figure it out, but it would be nice if you could explain the
output of the test.


> Not so for the nonblocking handshake: timeouts occur much more often,
> and with no distinguishable pattern. My guess is that the test code is
> still incorrect there.


You mean you receive a fatal GNUTLS_E_TIMEDOUT earlier than expected?

regards,
Nikos



