[gnutls-help] DTLS and gnutls_bye

Sean Greenslade sean at seangreenslade.com
Wed Feb 15 03:07:07 CET 2017


On Tue, Feb 14, 2017 at 09:01:34PM +0100, Nikos Mavrogiannopoulos wrote:
> On Mon, Feb 13, 2017 at 10:28 PM, Sean Greenslade
> <sean at seangreenslade.com> wrote:
> > Hello, all. I've been writing a small server-client application that's
> > using GnuTLS's DTLS functionality. I must admit I'm not super familiar
> > with TLS in general, and it seems that DTLS is not used very often, so I
> > can't find too many examples of its use online.
> >
> > My question is this: is gnutls_bye intended to be used with DTLS
> > "connections"? I realize that there isn't a proper connection in UDP,
> > but it seems like it would be useful to inform the other end of a
> > connection that there will be no further communications in this TLS
> > session.
> >
> > Specifically, the behavior I'm seeing is this. gnutls_bye does send the
> > close alert message over the wire, however the receiving end does not
> > raise an alert error when checking for received packets.
> 
> What does the other side receive?

When the close alert packet gets sent from the client to the server, I
can see it on the wire (encrypted, of course). The server has a
multiplexer function that handles multiple clients simultaneously, and
it sees a packet from the client and calls gnutls_record_recv() to
process it. gnutls_record_recv() returns zero, apparently ignoring the
alert flag while consuming the packet.

--Sean



