We finished implementing session resumption in Scandium. We use GnuTLS for our tests and we faced some bugs with it too. It seems DTLS implementations are not yet very stable. Do you have the same feeling? Maybe DTLS is not used so much?

Anyway, I took some time to retest with wolfssl.
But I encountered a new problem.
When I try:

./examples/server/server -s -u -v 3 -l PSK-AES128-CCM-8


I get this error :

 wolfSSL error: client can't set cipher list 1 

It fails with master, v3.6.8 and v3.6.6.
With v3.6.2, I get the out of order message I previously reported to you.

I successfully did a handshake and a resume handshake using the commit: 37ba6aeee739c3d7a1dd7cec684ab796af7ecbab fix psk no identify hint example logic

I may have found a regression.

Simon

(5 replies, posted in wolfSSL)

Re,
  Scandium now supports a client that does not send the "Supported Elliptic Curves" and "Supported Point Formats" extensions.
  So I took the time to retest that with wolfssl.
  I successfully passed the ClientHello message but I still encountered the same problem as I described previously.
  I also tested what you proposed about modifying the client.c example.
  But in all cases, the client never answers after the "Server Hello Done" from the server... no error in the output even when debug mode is activated.
Too bad :'( !
Simon

No problem.

In fact, I work on the Leshan project. We use DTLS/Scandium to secure our Lightweight M2M communication. (I make some contributions to scandium too.)

I am currently testing the resume handshake feature with scandium on the server side.
As scandium does not seem to really do that on the client side, I chose to test this with other clients; this is also a good way to test scandium interoperability with other open source DTLS implementations.

So I tried with:
- tinydtls: the handshake is ok but it seems it doesn't handle session id at all (so no resume).
- wolfssl: I did not succeed in making a handshake. (see my 2 posts)
- bouncycastle: I did not succeed in making a handshake either. (It seems it does not handle several messages in the same flight)
- mbedTLS (PolarSSL): handshake is ok except there is some issue with the certificate message; I need to test the resume session now.

I take some time to report the problems I encounter because it's the way open source works.

Simon

OK, I tested with the option you proposed and a wolfssl client and server, and it works!

1) You didn't answer about the "Supported Elliptic Curves" and "Supported Point Formats" extension issue.
2) I worked around the "Supported Elliptic Curves" and "Supported Point Formats" extension issue by modifying scandium code, but I encountered another issue: this time the handshake goes to Server Hello Done, but the wolfssl client never answers

C=> Client Hello
S=> Hello Verify Request
C=> Client Hello
S=> Server Hello, Certificate, Server Key Exchange, Certificate Request, Server Hello Done

I compared the 2 wireshark captures (wolf/wolf and wolf/scandium) and I don't see any problems.
I tried to launch wolfssl in debug mode and it seems to be in a strange state:

connect state: HELLO_AGAIN_REPLY
wolfSSL Entering EmbedReceiveFrom()
wolfSSL Entering wolfSSL_get_using_nonblock
wolfSSL Leaving wolfSSL_get_using_nonblock, return 0
received record layer msg
wolfSSL Entering DoDtlsHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing server hello
wolfSSL Entering VerifyClientSuite
wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoDtlsHandShakeMsg(), return 0
More records in input
growing input buffer

wolfSSL Entering EmbedReceiveFrom()
wolfSSL Entering wolfSSL_get_using_nonblock
wolfSSL Leaving wolfSSL_get_using_nonblock, return 0
Embed Receive From error
wolfSSL Entering wolfSSL_get_using_nonblock
wolfSSL Leaving wolfSSL_get_using_nonblock, return 0
    Socket timeout
wolfSSL Entering EmbedReceiveFrom()
wolfSSL Entering wolfSSL_get_using_nonblock
wolfSSL Leaving wolfSSL_get_using_nonblock, return 0
Embed Receive From error
wolfSSL Entering wolfSSL_get_using_nonblock
wolfSSL Leaving wolfSSL_get_using_nonblock, return 0
    Socket timeout
... ... ... ....
wolfSSL Entering EmbedReceiveFrom()
wolfSSL Entering wolfSSL_get_using_nonblock
wolfSSL Leaving wolfSSL_get_using_nonblock, return 0
Embed Receive From error
wolfSSL Entering wolfSSL_get_using_nonblock
wolfSSL Leaving wolfSSL_get_using_nonblock, return 0
    Socket timeout

Thx a lot for this explanation.

Maybe a good improvement could be to add all the supported PSK ciphersuites when --enablepsk is used. (This will be more accessible for noobs like me.)

So, I retested wolfssl. I tried with a wolfssl client and a wolfssl server, and it works.
I retried with wolfssl client and scandium server and this failed with a

err = -373, Out of order message, fatal
wolfSSL error: SSL_connect failed

I suspect this is because scandium doesn't send ServerKeyExchange for PSK and wolfssl expects it.
If I'm right, I think this is a bug; I read the spec again and it seems the ServerKeyExchange is optional:

"To help the client in selecting which identity to use, the server can provide a "PSK identity hint" in the ServerKeyExchange message.  If no hint is provided, the ServerKeyExchange message is omitted. "
(source : https://tools.ietf.org/html/rfc4279#section-2)

Simon
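
The RFC 4279 rule quoted in this post, as an added example (not wolfSSL or Scandium code): a validator for the server flight of a plain PSK handshake that accepts the flight with or without ServerKeyExchange. The function name and result codes are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdint.h>

/* HandshakeType values from RFC 5246, section 7.4. */
enum { HS_SERVER_HELLO = 2, HS_CERTIFICATE = 11, HS_SERVER_KEY_EXCHANGE = 12,
       HS_SERVER_HELLO_DONE = 14 };

/* Result codes are local to this example (hypothetical, not library codes). */
enum { FLIGHT_OK = 0, FLIGHT_OUT_OF_ORDER = -1, FLIGHT_UNEXPECTED = -2,
       FLIGHT_INCOMPLETE = -3 };

/* Check the server flight of a plain PSK key exchange:
 *   ServerHello, [ServerKeyExchange], ServerHelloDone
 * ServerKeyExchange only carries the PSK identity hint, so it may be absent.
 * If hint_seen is non-NULL it reports whether the hint message was present. */
int psk_check_server_flight(const uint8_t *types, size_t n, int *hint_seen)
{
    enum { WANT_HELLO, WANT_SKE_OR_DONE, WANT_DONE, FINISHED } st = WANT_HELLO;
    int hint = 0;

    for (size_t i = 0; i < n; i++) {
        uint8_t t = types[i];
        if (t == HS_CERTIFICATE)
            return FLIGHT_UNEXPECTED;   /* plain PSK: no server certificate */
        switch (st) {
        case WANT_HELLO:
            if (t != HS_SERVER_HELLO) return FLIGHT_OUT_OF_ORDER;
            st = WANT_SKE_OR_DONE;
            break;
        case WANT_SKE_OR_DONE:
            if (t == HS_SERVER_KEY_EXCHANGE) { hint = 1; st = WANT_DONE; }
            else if (t == HS_SERVER_HELLO_DONE) st = FINISHED; /* hint omitted */
            else return FLIGHT_OUT_OF_ORDER;
            break;
        case WANT_DONE:
            if (t != HS_SERVER_HELLO_DONE) return FLIGHT_OUT_OF_ORDER;
            st = FINISHED;
            break;
        case FINISHED:
            return FLIGHT_OUT_OF_ORDER; /* nothing may follow ServerHelloDone */
        }
    }
    if (hint_seen) *hint_seen = hint;
    return st == FINISHED ? FLIGHT_OK : FLIGHT_INCOMPLETE;
}
```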

Hi,
  As I said in my previous post, I tried to connect wolfssl (3.6.0) to Eclipse Scandium (master).
  As I failed to use PSK, I tried to use RPK with Elliptic curves using TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 cipher suite.
  So I tried to configure wolfssl like this :

./configure --enable-dtls --enable-aesccm --enable-supportedcurves --enable-scep
./examples/client/client -h 127.0.0.1 -p 5684 -u -v 3

(I also tried adding --enable-tlsx)
But in all cases, wolfssl did not add the "Supported Elliptic Curves" and "Supported Point Formats" extensions in Client_Hello.
This is not really mandatory as the spec says: "A TLS client that proposes ECC cipher suites in its ClientHello message SHOULD include these extensions"
But Scandium refuses to continue the handshake if those extensions are not present for ECC. I think this is mainly a scandium issue (I will open it). But I think wolfssl should add these extensions as the specification recommends it.

The same issue was present in openssl in the past; it is fixed now.

Simon
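
The extension check discussed in this post, as an added example (not code from wolfSSL or Scandium): a bounds-checked walk over a ClientHello extensions block that reports whether the two ECC extensions are present, plus a server decision with a `strict` switch. The function names, the `strict` flag and the sample bytes are assumptions constructed for this sketch.

```c
#include <stddef.h>
#include <stdint.h>

#define EXT_ELLIPTIC_CURVES  10  /* "Supported Elliptic Curves" */
#define EXT_EC_POINT_FORMATS 11  /* "Supported Point Formats" */
#define HAS_CURVES  0x1
#define HAS_FORMATS 0x2

/* Constructed sample: offers secp256r1 (23) and uncompressed points (0). */
const uint8_t SAMPLE_EXT[] = {
    0x00, 0x0e,                                     /* total length: 14 */
    0x00, 0x0a, 0x00, 0x04, 0x00, 0x02, 0x00, 0x17, /* elliptic curves  */
    0x00, 0x0b, 0x00, 0x02, 0x01, 0x00              /* point formats    */
};

static unsigned rd16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* Walk an extensions block: 2-byte total length, then entries of
 * type(2) | length(2) | data. Returns a HAS_* mask, or -1 if malformed.
 * len == 0 means the ClientHello carried no extensions at all. */
int ecc_extensions_present(const uint8_t *ext, size_t len)
{
    int mask = 0;
    size_t off = 2;

    if (len == 0) return 0;
    if (len < 2 || rd16(ext) != len - 2) return -1;
    while (off < len) {
        unsigned type, dlen;
        if (len - off < 4) return -1;          /* truncated entry header */
        type = rd16(ext + off);
        dlen = rd16(ext + off + 2);
        off += 4;
        if (dlen > len - off) return -1;       /* data runs past the block */
        if (type == EXT_ELLIPTIC_CURVES)  mask |= HAS_CURVES;
        if (type == EXT_EC_POINT_FORMATS) mask |= HAS_FORMATS;
        off += dlen;
    }
    return mask;
}

/* Decision for a ClientHello that offers an ECC suite. strict != 0 refuses
 * when either extension is absent; strict == 0 treats the quoted SHOULD as
 * a recommendation and continues. Malformed blocks are always refused. */
int accept_ecc_hello(const uint8_t *ext, size_t len, int strict)
{
    int mask = ecc_extensions_present(ext, len);
    if (mask < 0) return 0;
    return strict ? mask == (HAS_CURVES | HAS_FORMATS) : 1;
}
```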

Hi,
  I tried to connect wolfssl(3.6.0) to Eclipse Scandium (master). 
  I use wolf as a client(./examples/client/client) and scandium as server (ExampleDTLSServer.class).
  I tried to use PSK but it seems there is no compatible cipher suite.

  Scandium supports only: TLS_PSK_WITH_AES_128_CCM_8 and TLS_PSK_WITH_AES_128_CBC_SHA256 for PSK.
  I configured wolfssl to use PSK like this:

./configure --enable-dtls --enable-psk
./examples/client/client -h 127.0.0.1 -p 5684 -u -v 3 -s

  With wireshark I see the Client Hello contains only: Cipher Suite: TLS_DHE_PSK_WITH_AES_128_GCM_SHA256.
  I looked at the doc and TLS_PSK_WITH_AES_128_CBC_SHA256 should be supported too.

  I probably missed something?

Simon

P.S.: It would be great if wolfssl supported these 2 cipher suites, TLS_PSK_WITH_AES_128_CCM_8 and TLS_PSK_WITH_AES_128_CBC_SHA256, as they are mandatory in the OMA Lightweight M2M specification [the last one was: OMA-TS-LightweightM2M-V1_0-20150707-D].