[gnutls-help] failing DTLS handshake

Balázs Kéri 1.int32 at gmail.com
Tue Aug 29 11:40:13 CEST 2017


Hi,

Here is more data included:
sequence numbers in format [epoch.sequence]
The client sends more ClientHello (these are discarded) before the server
is connected and ready to receive messages.
The client and server are started cleanly (no message exchange happens
before).
The message with epoch 1 is detected as duplicate but I do not see messages
with epoch 1 before it.
Fragment offsets and fragment lengths look OK.

client->server:
ClientHello[0.0] (total 164 bytes)

client->server:
ClientHello[0.1] (total 164 bytes)

client->server:
ClientHello[0.2] (total 164 bytes)

client->server:
ClientHello[0.3] (total 164 bytes)

server->client:
ServerHello[0.0],Certificate[0.1],CertificateRequest[0.2],ServerHelloDone[0.3] (total 1159 bytes)

client->server:
Certificate(Fragment)(243)[0.4],Certificate(Fragment)(243)[0.5],Certificate(Fragment)(243)[0.6],Certificate(Fragment)(243)[0.7],Certificate(Fragment)(13)[0.8],ClientKeyExchange(142)[0.9],CertificateVerify(62)[0.10],CertificateVerify(92)[0.11] (total 1427 bytes)

client->server:
ChangeCipherSpec(1)[0.12],EncryptedHandshakeMessage(64)[1.0] (total 133 bytes)

Balázs Kéri

2017-08-29 11:06 GMT+02:00 Nikos Mavrogiannopoulos <n.mavrogiannopoulos at gmail.com>:

> On Mon, 2017-08-28 at 10:08 +0200, Balázs Kéri wrote:
> > Hi!
>
> > 533 [2017-Aug-24 10:13:38.768873]  GnuTLS -- [level:1]: Invalid
> > handshake packet headers. Discarding.
> > 569 [2017-Aug-24 10:13:38.770813]  GnuTLS -- [level:5]:
> > REC[0x7f9ce0013ea0]: Discarded duplicate message[1.0]: Handshake
>
> Check what the sent client record numbers are. That message was
> detected as duplicate.
>
> regards,
> Nikos
>
>
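
Added example, not part of the original thread and not GnuTLS code: a Python parser that reads the [epoch.sequence] record numbers straight from captured UDP payloads and marks any record number that appears a second time, which is the check the quoted reply asks for. It assumes the DTLS 1.0/1.2 record header layout of RFC 6347; the function names and the sample datagrams are constructed for illustration.

```python
import struct

# DTLS 1.0/1.2 record header (RFC 6347, section 4.1), 13 bytes:
# type(1) version(2) epoch(2) sequence_number(6) length(2)
CONTENT_TYPES = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake", 23: "ApplicationData"}
HEADER_LEN = 13

def parse_records(datagram):
    """Return (type_name, epoch, sequence, length) for each record in one UDP payload."""
    records, off = [], 0
    while off < len(datagram):
        if len(datagram) - off < HEADER_LEN:
            raise ValueError(f"truncated record header at offset {off}")
        ctype, _ver, epoch, seq_hi, seq_lo, length = struct.unpack_from("!BHHHIH", datagram, off)
        body_end = off + HEADER_LEN + length
        if body_end > len(datagram):
            raise ValueError(f"record at offset {off} overruns the datagram")
        seq = (seq_hi << 32) | seq_lo  # 48-bit sequence number
        records.append((CONTENT_TYPES.get(ctype, f"type{ctype}"), epoch, seq, length))
        off = body_end
    return records

def trace(datagrams):
    """Label records as Type(length)[epoch.sequence]; mark record numbers seen before."""
    seen, lines = set(), []
    for dgram in datagrams:
        labels = []
        for name, epoch, seq, length in parse_records(dgram):
            dup = " DUPLICATE" if (epoch, seq) in seen else ""
            seen.add((epoch, seq))
            labels.append(f"{name}({length})[{epoch}.{seq}]{dup}")
        lines.append(",".join(labels))
    return lines

def _record(ctype, epoch, seq, body):
    # Helper for the constructed sample below; 0xFEFD is the DTLS 1.2 version.
    header = struct.pack("!BHHHIH", ctype, 0xFEFD, epoch, seq >> 32, seq & 0xFFFFFFFF, len(body))
    return header + body

# Constructed sample: one flight, then the same epoch-1 record number sent again.
SAMPLE = [
    _record(20, 0, 12, b"\x01") + _record(22, 1, 0, bytes(64)),
    _record(22, 1, 0, bytes(64)),
]

if __name__ == "__main__":
    for line in trace(SAMPLE):
        print("client->server:", line)
```

Feed it the UDP payloads of one direction in capture order; records in epoch 1 and later are encrypted, so only the header fields are meaningful for them.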