Red Hat Bugzilla – Bug 1462541
openssl with DTLS hangs as a server
Last modified: 2017-06-25 12:20:40 EDT
Description of problem:
When attempting to run a DTLS server using openssl from Fedora 26, the server hangs while receiving packets from the client.
Version-Release number of selected component (if applicable):
(instructions require the gnutls git repo for certs/keys)
$ cd tests/suite
$ openssl s_server -cipher ALL -quiet -accept 5555 -keyform pem -certform pem -timeout -key ./../certs/rsa-2432.pem -cert ./../certs/cert-rsa-2432.pem -dkey ./../key-tests/data/dsa.1024.pem -dcert ./../key-tests/data/cert.dsa.1024.pem -CAfile ./../../doc/credentials/x509/ca.pem -state -dtls1_2
In another terminal:
$ gnutls-cli --udp 127.0.0.1 -p 5555 --insecure
(the cmd openssl s_client -connect 127.0.0.1:5555 -dtls does not seem to work either)
The client hangs waiting for a reply from the server. The server seems like it is not receiving the follow-up client hello messages.
I tried reproducing with upstream 1.1.0f from the repository and I couldn't. The connection was established.
Investigated and found that this is not broken by downstream patches but by enabling the sctp protocol support.
I'll forward this to upstream.
openssl-1.1.0f-4.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-09d4464361
openssl-1.1.0f-4.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-09d4464361
openssl-1.1.0f-4.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.