I have a DTLS implementation using Apple's libraries and during the SSLHandshake it fails with `errSSLRecordOverflow`.
It seems to happen when there's fragmentation in the Handshake as shown by the capture below:
```
No. Time Source Destination Protocol Length Info
1 0.000000 177.168.36.85 3.80.173.20 DTLSv1.0 166 Client Hello

Frame 1: 166 bytes on wire (1328 bits), 166 bytes captured (1328 bits)
Null/Loopback
Internet Protocol Version 4, Src: 177.168.36.85, Dst: 3.80.173.20
User Datagram Protocol, Src Port: 56732, Dst Port: 80
Datagram Transport Layer Security
    DTLSv1.0 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 0
        Length: 121
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 109
            Message Sequence: 0
            Fragment Offset: 0
            Fragment Length: 109
            Version: DTLS 1.0 (0xfeff)
            Random: 5c363e2a2dff285b8752bdf572a37d3a61d53e46bbe1c8d3...
            Session ID Length: 0
            Cookie Length: 0
            Cipher Suites Length: 32
            Cipher Suites (16 suites)
            Compression Methods Length: 1
            Compression Methods (1 method)
            Extensions Length: 35
            Extension: supported_groups (len=8)
            Extension: ec_point_formats (len=2)
            Extension: status_request (len=5)
            Extension: signed_certificate_timestamp (len=0)
            Extension: extended_master_secret (len=0)

No. Time Source Destination Protocol Length Info
2 0.203556 3.80.173.20 177.168.36.85 DTLSv1.0 70 Hello Verify Request

Frame 2: 70 bytes on wire (560 bits), 70 bytes captured (560 bits)
Null/Loopback
Internet Protocol Version 4, Src: 3.80.173.20, Dst: 177.168.36.85
User Datagram Protocol, Src Port: 80, Dst Port: 56732
Datagram Transport Layer Security
    DTLSv1.0 Record Layer: Handshake Protocol: Hello Verify Request
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 0
        Length: 25
        Handshake Protocol: Hello Verify Request
            Handshake Type: Hello Verify Request (3)
            Length: 13
            Message Sequence: 0
            Fragment Offset: 0
            Fragment Length: 13
            Version: DTLS 1.0 (0xfeff)
            Cookie Length: 10
            Cookie: a1915fc22d045e86f30b

No. Time Source Destination Protocol Length Info
3 0.218514 177.168.36.85 3.80.173.20 DTLSv1.0 176 Client Hello

Frame 3: 176 bytes on wire (1408 bits), 176 bytes captured (1408 bits)
Null/Loopback
Internet Protocol Version 4, Src: 177.168.36.85, Dst: 3.80.173.20
User Datagram Protocol, Src Port: 56732, Dst Port: 80
Datagram Transport Layer Security
    DTLSv1.0 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 1
        Length: 131
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 119
            Message Sequence: 1
            Fragment Offset: 0
            Fragment Length: 119
            Version: DTLS 1.0 (0xfeff)
            Random: 5c363e2a6d985bfc8fd565368e9e856a6eda286a3363b8cb...
            Session ID Length: 0
            Cookie Length: 10
            Cookie: a1915fc22d045e86f30b
            Cipher Suites Length: 32
            Cipher Suites (16 suites)
            Compression Methods Length: 1
            Compression Methods (1 method)
            Extensions Length: 35
            Extension: supported_groups (len=8)
            Extension: ec_point_formats (len=2)
            Extension: status_request (len=5)
            Extension: signed_certificate_timestamp (len=0)
            Extension: extended_master_secret (len=0)

No. Time Source Destination Protocol Length Info
4 0.387229 3.80.173.20 177.168.36.85 DTLSv1.0 201 Certificate (Reassembled), Server Hello Done

Frame 4: 201 bytes on wire (1608 bits), 201 bytes captured (1608 bits)
Null/Loopback
Internet Protocol Version 4, Src: 3.80.173.20, Dst: 177.168.36.85
User Datagram Protocol, Src Port: 80, Dst Port: 56732
Datagram Transport Layer Security
    DTLSv1.0 Record Layer: Handshake Protocol: Certificate (Reassembled)
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 3
        Length: 131
        Handshake Protocol: Certificate (Reassembled)
            Handshake Type: Certificate (11)
            Length: 1456
            Message Sequence: 2
            Fragment Offset: 1337
            Fragment Length: 119
            Reassembled in: 5
    DTLSv1.0 Record Layer: Handshake Protocol: Server Hello Done
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 4
        Length: 12
        Handshake Protocol: Server Hello Done
            Handshake Type: Server Hello Done (14)
            Length: 0
            Message Sequence: 3
            Fragment Offset: 0
            Fragment Length: 0

No. Time Source Destination Protocol Length Info
5 0.387238 3.80.173.20 177.168.36.85 DTLSv1.0 1464 Server Hello, Certificate (Fragment)

Frame 5: 1464 bytes on wire (11712 bits), 1464 bytes captured (11712 bits)
Null/Loopback
Internet Protocol Version 4, Src: 3.80.173.20, Dst: 177.168.36.85
User Datagram Protocol, Src Port: 80, Dst Port: 56732
Datagram Transport Layer Security
    DTLSv1.0 Record Layer: Handshake Protocol: Server Hello
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 1
        Length: 57
        Handshake Protocol: Server Hello
            Handshake Type: Server Hello (2)
            Length: 45
            Message Sequence: 1
            Fragment Offset: 0
            Fragment Length: 45
            Version: DTLS 1.0 (0xfeff)
            Random: f18ad47c4ee472a968739049a147cd22261db885f5bdb35b...
            Session ID Length: 0
            Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
            Compression Method: null (0)
            Extensions Length: 5
            Extension: renegotiation_info (len=1)
    DTLSv1.0 Record Layer: Handshake Protocol: Certificate (Fragment)
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 2
        Length: 1349
        Handshake Protocol: Certificate (Fragment)
            Handshake Type: Certificate (11)
            Length: 1456
            Message Sequence: 2
            Fragment Offset: 0
            Fragment Length: 1337
```
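
In the capture, frame 4 (Certificate fragment at offset 1337) reaches the client before frame 5 (offset 0), so a receiver has to place handshake fragments by offset rather than by arrival order. The following is an added example, not part of the original post and not Apple's code: a bounds-checked reassembler for the 12-byte DTLS handshake header, fed the capture's Certificate values in capture order. `reasm_t`, `reasm_add`, `feed`, `capture_order` and the `MAX_MSG` cap are hypothetical names, and the fragment bodies are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HS_HDR  12     /* type(1) length(3) message_seq(2) frag_off(3) frag_len(3) */
#define MAX_MSG 16384  /* assumed cap on one reassembled handshake message */

typedef struct {       /* must start zeroed */
    int active; uint8_t type; uint16_t seq;
    uint32_t total, covered;              /* Length field; distinct bytes seen */
    uint8_t data[MAX_MSG], have[MAX_MSG];
} reasm_t;

static uint32_t be24(const uint8_t *p) { return (uint32_t)p[0] << 16 | (uint32_t)p[1] << 8 | p[2]; }
static void put24(uint8_t *p, uint32_t v) { p[0] = (uint8_t)(v >> 16); p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)v; }

/* Returns 1 = message complete, 0 = more fragments needed, -1 = rejected. */
int reasm_add(reasm_t *r, const uint8_t *f, size_t n) {
    if (n < HS_HDR) return -1;
    uint32_t total = be24(f + 1), off = be24(f + 6), len = be24(f + 9);
    uint16_t seq = (uint16_t)(f[4] << 8 | f[5]);
    if (len != n - HS_HDR) return -1;     /* body must match fragment_length */
    if (total > MAX_MSG || off > total || len > total - off) return -1;
    if (!r->active) { r->active = 1; r->type = f[0]; r->seq = seq; r->total = total; }
    else if (f[0] != r->type || seq != r->seq || total != r->total) return -1;
    for (uint32_t i = 0; i < len; i++) {  /* retransmitted bytes are counted once */
        if (!r->have[off + i]) { r->have[off + i] = 1; r->covered++; }
        r->data[off + i] = f[HS_HDR + i];
    }
    return r->covered == r->total;
}

/* Build one fragment with a constructed body (message byte i = i & 0xff) and feed it. */
int feed(reasm_t *r, uint8_t type, uint32_t total, uint16_t seq, uint32_t off, uint32_t len) {
    static uint8_t f[HS_HDR + MAX_MSG];
    if (len > MAX_MSG) return -1;
    f[0] = type; put24(f + 1, total); f[4] = (uint8_t)(seq >> 8); f[5] = (uint8_t)seq;
    put24(f + 6, off); put24(f + 9, len);
    for (uint32_t i = 0; i < len; i++) f[HS_HDR + i] = (uint8_t)(off + i);
    return reasm_add(r, f, HS_HDR + (size_t)len);
}

/* Certificate (type 11, Length 1456, message_seq 2) as captured: frame 4, then frame 5. */
int capture_order(void) {
    static reasm_t r;
    memset(&r, 0, sizeof r);
    if (feed(&r, 11, 1456, 2, 1337, 119) != 0) return -2;  /* tail arrives first */
    return feed(&r, 11, 1456, 2, 0, 1337);                 /* head completes it */
}
```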