gnutls-devel

Re: [Patch] Fix blocking DTLS


From: Sean Buckheister
Subject: Re: [Patch] Fix blocking DTLS
Date: Thu, 16 Feb 2012 15:00:58 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.1) Gecko/20120212 Thunderbird/10.0.1

[Oh, elements ... Copy to list since I hit the wrong button. Again.]

> Nice fix, applied. Which case did you notice failing?

Lots. Just some examples:

SHello(210), SFinished(10), CFinished(210) :- SHello, SKeyExchange,
SHelloDone, CKeyExchange, CChangeCipherSpec, CFinished,
SChangeCipherSpec, SFinished

SHello(021), SFinished(10), CFinished(102) :- CKeyExchange,
CChangeCipherSpec, CFinished, SChangeCipherSpec, SFinished

SHello(120), SFinished(10), CFinished(120) :- SHelloDone, CFinished,
SChangeCipherSpec, SFinished

It feels like any case that has an incomplete final flight. It would
make sense, too, since the client would then retransmit its final
flight, including the Finished packet, after which the server would
initiate rehandshake where none should have happened.

> Does it fix the parallel checks?

With 1000 children on my machine and timeouts at twice the defaults
(120s handshake timeout, 240s kill timeout), yes. More children need
higher timeouts to work, but they do work.

I'll add two-way certificate authentication and look at how it holds up. It
should work fine; all cert packets are contained in inner flights, all
of which gnutls handles perfectly fine.


