Topic: DTLS negotiation fails when client and server use different versions

Hi
I'm using the DTLS example server provided with wolfSSL 4.1.0 and I'm using an OpenSSL client.
The client can use either DTLS 1.0 or 1.2.

If I set the same DTLS version on both the server and the client, everything goes fine.
If I set the server to 1.2 and the client to 1.0, the server does not accept the client connection.

The OpenSSL server can be configured (option -dtls) to accept any client, either 1.0 or 1.2.
This does not seem possible with wolfSSL.

In fact wolfSSL has the following server methods:

wolfDTLSv1_server_method
wolfDTLSv1_2_server_method

While OpenSSL has:

DTLS_server_method
DTLSv1_2_server_method
DTLSv1_server_method

So, it seems that wolfSSL does not provide a generic DTLS server method for the case where we want to negotiate the version with the client.

Is there any specific setting to "force" the server to negotiate the version depending on the client DTLS version (1.0 or 1.2)?

thanks
regards
alfonso

Re: DTLS negotiation fails when client and server use different versions

Hi Alfonso,

We don't currently provide a generic DTLS negotiation option. The function wolfSSLv23_server_method will negotiate for a TLS version, but at the moment we don't have the same support for DTLS. However, if you would like to submit a feature request, feel free to send an email to support@wolfssl.com.

Thanks!

Carie

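For diagnosing the mismatch discussed in this thread, the following added example (not code from either poster or from wolfSSL) reads the `client_version` field out of a DTLS ClientHello datagram and checks it against the version a server is pinned to. The function names and the sample datagram are assumptions made for illustration; the sample is constructed and cut off after the version field.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DTLS_1_0 0xFEFFu  /* wire encoding of DTLS 1.0 */
#define DTLS_1_2 0xFEFDu  /* wire encoding of DTLS 1.2 */

/* Return client_version from the first fragment of a DTLS ClientHello,
 * or 0 if the datagram is too short or is not a ClientHello. */
uint16_t dtls_client_hello_version(const uint8_t *p, size_t len)
{
    if (p == NULL || len < 13 + 12 + 2) return 0;  /* record hdr + handshake hdr + version */
    if (p[0] != 22 || p[1] != 0xFE) return 0;      /* handshake record, DTLS major byte */
    size_t rec_len = ((size_t)p[11] << 8) | p[12];
    if (rec_len < 12 + 2 || rec_len > len - 13) return 0;
    if (p[13] != 1) return 0;                      /* msg_type: client_hello */
    if (p[19] || p[20] || p[21]) return 0;         /* fragment_offset must be 0 */
    size_t frag_len = ((size_t)p[22] << 16) | ((size_t)p[23] << 8) | p[24];
    if (frag_len < 2 || frag_len > rec_len - 12) return 0;
    return (uint16_t)((p[25] << 8) | p[26]);       /* client_version, not the record version */
}

/* DTLS minor bytes count down (0xFF = 1.0, 0xFD = 1.2), so a numerically
 * smaller value is the newer version. */
int dtls_offers_at_least(uint16_t offered, uint16_t wanted)
{
    return (offered >> 8) == 0xFE && (offered & 0xFF) <= (wanted & 0xFF);
}

/* Constructed sample: DTLS 1.0 ClientHello cut off after client_version. */
const uint8_t SAMPLE_HELLO_DTLS10[27] = {
    22, 0xFE, 0xFF, 0, 0, 0, 0, 0, 0, 0, 0, 0, 14,  /* record header, length 14 */
    1, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 2,             /* handshake header, fragment 0..2 */
    0xFE, 0xFF                                      /* client_version = DTLS 1.0 */
};

int main(void)
{
    uint16_t v = dtls_client_hello_version(SAMPLE_HELLO_DTLS10,
                                           sizeof SAMPLE_HELLO_DTLS10);
    printf("client offers 0x%04X, enough for a DTLS 1.2-only server: %s\n",
           v, dtls_offers_at_least(v, DTLS_1_2) ? "yes" : "no");
    return 0;
}
```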