[gnutls-help] DTLS retransmission issue with gnutls-cli

Nikos Mavrogiannopoulos nmav at gnutls.org
Wed Oct 1 13:30:45 CEST 2014

On Wed, Oct 1, 2014 at 12:11 AM, Manuel Pégourié-Gonnard
<mpg at polarssl.org> wrote:
> Hi,
> Using gnutls-cli version 3.3.8, I observed the following behaviour: if the
> handshake flight starting with (Client)Certificate and ending with
> (Client)Finished is lost (it is sent in a single UDP datagram), then gnutls-cli
> never retransmits it, and the handshake eventually times out after about 40 seconds.
> The expected behaviour would be for the client to retransmit the lost flight.
> The problem was observed using a UDP proxy that drops and delays packets
> pseudo-randomly. A capture of the failed handshake is available at:
> https://elzevir.fr/tmp/gnutls-cli-not-resending-gnutls-serv.pcapng.gz

Interesting. There is the dtls-stress tool to reproduce that scenario
and I tried:
./dtls-stress -full -shello 01234 -sfinished 01 -cfinished 01234 \
    CCertificate CKeyExchange CCertificateVerify CChangeCipherSpec \
    CFinished -d 6
which filters the same packets as in your scenario, but everything goes well.

The packets are filtered and retransmitted. Could you send me the full
gnutls-cli log with -d 6 when the packets don't get sent?


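The behaviour under discussion is the DTLS retransmission state machine of RFC 6347 section 4.2.4: after sending a flight, the sender arms a timer (recommended start 1 s, doubling per retransmission, capped at 60 s) and re-sends the flight when the timer fires; a lost Certificate..Finished datagram must therefore be retransmitted by the client, not left until the overall handshake timeout. The following is an added example written for this page, not code from GnuTLS, PolarSSL or the dtls-stress tool. It is a toy simulation: the flight names are shorthand, the 40 s deadline is the figure from the report, the loss pattern is constructed, and `buggy_client` is a model of the behaviour the report describes (no retransmit timer after the final client flight), not a claim about what gnutls-cli actually does internally.

```python
"""Toy model of DTLS handshake flight retransmission (RFC 6347, section 4.2.4).

Added example for this thread; it is not code from GnuTLS or PolarSSL.
A handshake is walked flight by flight over a lossy path.  Timer values
follow the RFC recommendation: start at 1 s, double after each
retransmission, cap at 60 s, reset after a loss-free exchange.
"""
from dataclasses import dataclass, field

INITIAL_RTO = 1.0
MAX_RTO = 60.0

# Flights of a full DTLS 1.2 handshake with client authentication.  The
# flight index is the position in this list (shorthand names, assumed).
FLIGHTS = [
    ("client", "ClientHello"),
    ("server", "HelloVerifyRequest"),
    ("client", "ClientHello (with cookie)"),
    ("server", "ServerHello .. ServerHelloDone"),
    ("client", "Certificate .. Finished"),        # one datagram in the report
    ("server", "ChangeCipherSpec + Finished"),
]
LAST_CLIENT_FLIGHT = 4


@dataclass
class Result:
    completed: bool
    elapsed: float
    # (time, sender, flight name, attempt, "lost" | "delivered")
    log: list = field(default_factory=list)


def run_handshake(drop, *, buggy_client=False, deadline=40.0):
    """Simulate the handshake.

    drop(flight_index, attempt) -> True when that transmission is lost.
    buggy_client=True models the behaviour reported in the thread: after
    sending its final flight the client only waits for the server and
    never re-arms its retransmit timer, so a lost final flight (or a
    lost server reply) stalls until the handshake deadline (40 s here,
    the figure from the report).

    Simplification: in DTLS the side that sent the most recent flight
    retransmits when its timer fires and the peer re-sends its own reply
    on seeing the duplicate; here that is collapsed into "the lost flight
    is sent again after one RTO".
    """
    t, i, attempt, rto = 0.0, 0, 0, INITIAL_RTO
    log = []
    while i < len(FLIGHTS):
        sender, name = FLIGHTS[i]
        lost = drop(i, attempt)
        log.append((t, sender, name, attempt, "lost" if lost else "delivered"))
        if not lost:
            i, attempt, rto = i + 1, 0, INITIAL_RTO
            continue
        if buggy_client and i >= LAST_CLIENT_FLIGHT:
            # Nobody has a timer running: the client waits for a reply
            # that cannot come, until the overall handshake timeout.
            return Result(False, deadline, log)
        t += rto                       # retransmit timer expires
        rto = min(rto * 2, MAX_RTO)    # exponential back-off
        attempt += 1
        if t >= deadline:
            return Result(False, deadline, log)
    return Result(True, t, log)


def drop_attempts(flight, attempts):
    """Constructed loss pattern: drop the given attempts of one flight."""
    return lambda f, a: f == flight and a in attempts


if __name__ == "__main__":
    # The scenario from the report: the Certificate .. Finished datagram
    # is lost once.  A conforming client retransmits it after 1 s.
    ok = run_handshake(drop_attempts(LAST_CLIENT_FLIGHT, {0}))
    bad = run_handshake(drop_attempts(LAST_CLIENT_FLIGHT, {0}), buggy_client=True)
    for r in (ok, bad):
        for entry in r.log:
            print("%5.1fs %-6s %-30s attempt %d %s" % entry)
        print("completed=%s after %.1fs\n" % (r.completed, r.elapsed))
```

Running the block prints the two traces side by side: with the timer armed, the lost flight 4 is re-sent at t=1 s and the handshake finishes; with the modelled bug, the trace stops at the lost datagram and the result is a failure at the 40 s deadline, which is the symptom described in the report. Dropping the same flight several times shows the back-off (1 s, then 2 s, then 4 s between attempts) and that once the doubled timers exceed the handshake deadline the handshake is abandoned.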