      Latest reply on Jan 11, 2019 4:07 AM by ppaulojr
      ppaulojr Level 1 (0 points)

        I have a DTLS implementation using Apple's libraries and during the SSLHandshake it fails with `errSSLRecordOverflow`.

        It seems to happen when there's fragmentation in the Handshake as shown by the capture below:

        No.     Time           Source                Destination           Protocol Length Info
              1 0.000000       177.168.36.85         3.80.173.20           DTLSv1.0 166    Client Hello
        
        
        Frame 1: 166 bytes on wire (1328 bits), 166 bytes captured (1328 bits)
        Null/Loopback
        Internet Protocol Version 4, Src: 177.168.36.85, Dst: 3.80.173.20
        User Datagram Protocol, Src Port: 56732, Dst Port: 80
        Datagram Transport Layer Security
            DTLSv1.0 Record Layer: Handshake Protocol: Client Hello
                Content Type: Handshake (22)
                Version: DTLS 1.0 (0xfeff)
                Epoch: 0
                Sequence Number: 0
                Length: 121
                Handshake Protocol: Client Hello
                    Handshake Type: Client Hello (1)
                    Length: 109
                    Message Sequence: 0
                    Fragment Offset: 0
                    Fragment Length: 109
                    Version: DTLS 1.0 (0xfeff)
                    Random: 5c363e2a2dff285b8752bdf572a37d3a61d53e46bbe1c8d3...
                    Session ID Length: 0
                    Cookie Length: 0
                    Cipher Suites Length: 32
                    Cipher Suites (16 suites)
                    Compression Methods Length: 1
                    Compression Methods (1 method)
                    Extensions Length: 35
                    Extension: supported_groups (len=8)
                    Extension: ec_point_formats (len=2)
                    Extension: status_request (len=5)
                    Extension: signed_certificate_timestamp (len=0)
                    Extension: extended_master_secret (len=0)
        
        
        No.     Time           Source                Destination           Protocol Length Info
              2 0.203556       3.80.173.20           177.168.36.85         DTLSv1.0 70     Hello Verify Request
        
        
        Frame 2: 70 bytes on wire (560 bits), 70 bytes captured (560 bits)
        Null/Loopback
        Internet Protocol Version 4, Src: 3.80.173.20, Dst: 177.168.36.85
        User Datagram Protocol, Src Port: 80, Dst Port: 56732
        Datagram Transport Layer Security
            DTLSv1.0 Record Layer: Handshake Protocol: Hello Verify Request
                Content Type: Handshake (22)
                Version: DTLS 1.0 (0xfeff)
                Epoch: 0
                Sequence Number: 0
                Length: 25
                Handshake Protocol: Hello Verify Request
                    Handshake Type: Hello Verify Request (3)
                    Length: 13
                    Message Sequence: 0
                    Fragment Offset: 0
                    Fragment Length: 13
                    Version: DTLS 1.0 (0xfeff)
                    Cookie Length: 10
                    Cookie: a1915fc22d045e86f30b
        
        
        No.     Time           Source                Destination           Protocol Length Info
              3 0.218514       177.168.36.85         3.80.173.20           DTLSv1.0 176    Client Hello
        
        
        Frame 3: 176 bytes on wire (1408 bits), 176 bytes captured (1408 bits)
        Null/Loopback
        Internet Protocol Version 4, Src: 177.168.36.85, Dst: 3.80.173.20
        User Datagram Protocol, Src Port: 56732, Dst Port: 80
        Datagram Transport Layer Security
            DTLSv1.0 Record Layer: Handshake Protocol: Client Hello
                Content Type: Handshake (22)
                Version: DTLS 1.0 (0xfeff)
                Epoch: 0
                Sequence Number: 1
                Length: 131
                Handshake Protocol: Client Hello
                    Handshake Type: Client Hello (1)
                    Length: 119
                    Message Sequence: 1
                    Fragment Offset: 0
                    Fragment Length: 119
                    Version: DTLS 1.0 (0xfeff)
                    Random: 5c363e2a6d985bfc8fd565368e9e856a6eda286a3363b8cb...
                    Session ID Length: 0
                    Cookie Length: 10
                    Cookie: a1915fc22d045e86f30b
                    Cipher Suites Length: 32
                    Cipher Suites (16 suites)
                    Compression Methods Length: 1
                    Compression Methods (1 method)
                    Extensions Length: 35
                    Extension: supported_groups (len=8)
                    Extension: ec_point_formats (len=2)
                    Extension: status_request (len=5)
                    Extension: signed_certificate_timestamp (len=0)
                    Extension: extended_master_secret (len=0)
        
        
        No.     Time           Source                Destination           Protocol Length Info
              4 0.387229       3.80.173.20           177.168.36.85         DTLSv1.0 201    Certificate (Reassembled), Server Hello Done
        
        
        Frame 4: 201 bytes on wire (1608 bits), 201 bytes captured (1608 bits)
        Null/Loopback
        Internet Protocol Version 4, Src: 3.80.173.20, Dst: 177.168.36.85
        User Datagram Protocol, Src Port: 80, Dst Port: 56732
        Datagram Transport Layer Security
            DTLSv1.0 Record Layer: Handshake Protocol: Certificate (Reassembled)
                Content Type: Handshake (22)
                Version: DTLS 1.0 (0xfeff)
                Epoch: 0
                Sequence Number: 3
                Length: 131
                Handshake Protocol: Certificate (Reassembled)
                    Handshake Type: Certificate (11)
                    Length: 1456
                    Message Sequence: 2
                    Fragment Offset: 1337
                    Fragment Length: 119
                Reassembled in: 5
            DTLSv1.0 Record Layer: Handshake Protocol: Server Hello Done
                Content Type: Handshake (22)
                Version: DTLS 1.0 (0xfeff)
                Epoch: 0
                Sequence Number: 4
                Length: 12
                Handshake Protocol: Server Hello Done
                    Handshake Type: Server Hello Done (14)
                    Length: 0
                    Message Sequence: 3
                    Fragment Offset: 0
                    Fragment Length: 0
        
        
        No.     Time           Source                Destination           Protocol Length Info
              5 0.387238       3.80.173.20           177.168.36.85         DTLSv1.0 1464   Server Hello, Certificate (Fragment)
        
        
        Frame 5: 1464 bytes on wire (11712 bits), 1464 bytes captured (11712 bits)
        Null/Loopback
        Internet Protocol Version 4, Src: 3.80.173.20, Dst: 177.168.36.85
        User Datagram Protocol, Src Port: 80, Dst Port: 56732
        Datagram Transport Layer Security
            DTLSv1.0 Record Layer: Handshake Protocol: Server Hello
                Content Type: Handshake (22)
                Version: DTLS 1.0 (0xfeff)
                Epoch: 0
                Sequence Number: 1
                Length: 57
                Handshake Protocol: Server Hello
                    Handshake Type: Server Hello (2)
                    Length: 45
                    Message Sequence: 1
                    Fragment Offset: 0
                    Fragment Length: 45
                    Version: DTLS 1.0 (0xfeff)
                    Random: f18ad47c4ee472a968739049a147cd22261db885f5bdb35b...
                    Session ID Length: 0
                    Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
                    Compression Method: null (0)
                    Extensions Length: 5
                    Extension: renegotiation_info (len=1)
            DTLSv1.0 Record Layer: Handshake Protocol: Certificate (Fragment)
                Content Type: Handshake (22)
                Version: DTLS 1.0 (0xfeff)
                Epoch: 0
                Sequence Number: 2
                Length: 1349
                Handshake Protocol: Certificate (Fragment)
                    Handshake Type: Certificate (11)
                    Length: 1456
                    Message Sequence: 2
                    Fragment Offset: 0
                    Fragment Length: 1337
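
Added example, not part of the original post and not Apple's Secure Transport code: a minimal DTLS 1.0 handshake reassembler fed two constructed datagrams that mirror frames 4 and 5 above, where the tail of the Certificate (offset 1337) arrives before its head (offset 0). Only the lengths, offsets and sequence numbers are taken from the capture; the payload bytes and the helper names are assumptions, and the code shows what order-tolerant reassembly has to do rather than diagnosing `errSSLRecordOverflow`.

```python
import struct

HANDSHAKE = 22  # DTLS record content type

def parse_datagram(data):
    """Yield (msg_type, msg_len, msg_seq, frag_off, fragment) per handshake record.
    Assumes one handshake fragment per record, as in the capture."""
    pos = 0
    while pos < len(data):
        # Record header, 13 bytes: type(1) version(2) epoch+seq(8) length(2)
        ctype, _ver, _epoch_seq, rlen = struct.unpack_from("!BH8sH", data, pos)
        body = data[pos + 13 : pos + 13 + rlen]
        if len(body) != rlen:
            raise ValueError("record length runs past the datagram")
        pos += 13 + rlen
        if ctype != HANDSHAKE or rlen < 12:
            continue  # skip non-handshake records and ones too short to parse
        # Handshake header, 12 bytes: type(1) length(3) msg_seq(2) off(3) frag_len(3)
        mtype, mseq = body[0], int.from_bytes(body[4:6], "big")
        mlen, off, flen = (int.from_bytes(body[i:i + 3], "big") for i in (1, 6, 9))
        if flen != rlen - 12 or off + flen > mlen:
            raise ValueError("fragment does not fit the message it claims")
        yield mtype, mlen, mseq, off, body[12:]

def reassemble(datagrams):
    """Return [(msg_type, body)] for completed messages, ordered by message_seq."""
    pending, done = {}, {}
    for dgram in datagrams:
        for mtype, mlen, mseq, off, frag in parse_datagram(dgram):
            typ, buf, got = pending.setdefault(mseq, (mtype, bytearray(mlen), set()))
            if typ != mtype or len(buf) != mlen:
                raise ValueError("fragments disagree about the message")
            buf[off:off + len(frag)] = frag
            got.update(range(off, off + len(frag)))
            if len(got) == mlen:  # every byte seen, in any arrival order
                done[mseq] = (mtype, bytes(buf))
    return [done[k] for k in sorted(done)]

def record(seq, mtype, mlen, mseq, off, frag):
    """Build one constructed handshake record (DTLS 1.0, epoch 0)."""
    hs = (bytes([mtype]) + mlen.to_bytes(3, "big") + mseq.to_bytes(2, "big")
          + off.to_bytes(3, "big") + len(frag).to_bytes(3, "big") + frag)
    hdr = struct.pack("!BHH", HANDSHAKE, 0xFEFF, 0) + seq.to_bytes(6, "big")
    return hdr + len(hs).to_bytes(2, "big") + hs

# Constructed payloads; only lengths, offsets and sequence numbers match the capture.
CERT = bytes(i % 251 for i in range(1456))
FRAME4 = record(3, 11, 1456, 2, 1337, CERT[1337:]) + record(4, 14, 0, 3, 0, b"")
FRAME5 = record(1, 2, 45, 1, 0, bytes(45)) + record(2, 11, 1456, 2, 0, CERT[:1337])
```

The constructed datagrams come out at 169 and 1432 bytes, which matches the 201- and 1464-byte frames once the 4-byte loopback, 20-byte IPv4 and 8-byte UDP headers are subtracted.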