DTLS: Retransmission handled incorrectly ("Received unexpected record version") #2316
Labels
Comments
|
Makes sense and yes for DTLS we should just drop it instead of alerting. |
|
Won't be fixed in time for 2.14.0 (release next Monday) but will address this in 2.15 |
Closed
nametoolong
pushed a commit
to nametoolong/botan
that referenced
this issue
Apr 27, 2020
Otherwise out-of-order client hello can trigger randombit#2316.
|
I am still receiving this Exception in 2.15 :/ |
|
sorry found the error. ok it works |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In the beginning of the handshake the client sends ClientHello message with DTLS Record Version 1.0. The version of the inner message is 1.2. Server sets pending state to DTLS version 1.2. Client meanwhile retransmits the record again, thinking the packet got lost. Retransmitted message arrives to the server but the record version is checked against the pending state and obviously 1.0 != 1.2. As the consequence connection gets alerted while the message probably should be just dropped.
I created some extra info from our test cert environment.
This is the area of code causing the issue. I have added some vars to watch.
This zipfile contains wireshark dump of the handshake and dumped m_record_buf (which proves that it matches with the ClientHello message in the wireshark)
dumps.zip
The text was updated successfully, but these errors were encountered: