AlCalzone / node-tradfri-client

Library to talk to IKEA Trådfri Gateways without external binaries
MIT License

problems with firmware 1.15.34 #517

Closed justme-1968 closed 3 years ago

justme-1968 commented 3 years ago

a few of my tradfri-fhem users have noticed that the module stopped working after the latest ikea firmware update (1.15.34).

i have just noticed the same, but have not had time to dig deeper.

it looks like the connection fails due to some encryption changes.

is there already a solution to this ?

AlCalzone commented 3 years ago

I'm on it

justme-1968 commented 3 years ago

perfect. thanks !

AlCalzone commented 3 years ago

Looks like there's a bug in IKEA's new DTLS implementation, specifically this part of the DTLS specification is not obeyed:

         Client                             Server
         ------                             ------
         ClientHello (seq=0)  ------>

                              <------ HelloVerifyRequest (seq=0)

         ClientHello (seq=1)  ------>
         (with cookie)

                              <------        ServerHello (seq=1)
                              <------    ServerHelloDone (seq=2)

         [Rest of handshake]

DTLS implementations maintain (at least notionally) a next_receive_seq counter. This counter is initially set to zero. When a message is received, if its sequence number matches next_receive_seq, next_receive_seq is incremented and the message is processed. If the sequence number is less than next_receive_seq, the message MUST be discarded.

The gateway sends the ServerHello with the same sequence number that the HelloVerifyRequest has, so it gets discarded, causing the handshake to fail.
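The `next_receive_seq` rule quoted in the comment above, as an added example that is not part of the original thread or of node-tradfri-client's code. `HandshakeReceiver`, `replay`, the `{ type, seq }` message shape and the discard labels are assumptions made for illustration; the message lists are constructed from the diagram and the description above.

```javascript
// Added example: models the next_receive_seq rule quoted above.
class HandshakeReceiver {
  constructor() {
    this.nextReceiveSeq = 0;   // "initially set to zero"
    this.seen = new Map();     // seq -> type of the message processed at that seq
  }

  // msg = { type, seq }: a constructed shape, not the DTLS wire format
  receive(msg) {
    if (msg.seq === this.nextReceiveSeq) {
      this.seen.set(msg.seq, msg.type);
      this.nextReceiveSeq++;
      return "processed";
    }
    if (msg.seq < this.nextReceiveSeq) {
      // The rule says discard. The labels below are a diagnostic added here:
      // a stale seq carrying a different message type is not a retransmission.
      return this.seen.get(msg.seq) === msg.type
        ? "discarded (retransmission)"
        : "discarded (seq reused by a different message)";
    }
    return "ahead of counter"; // seq > next_receive_seq, outside the quoted rule
  }
}

function replay(flight) {
  const rx = new HandshakeReceiver();
  return flight.map((m) => ({ ...m, verdict: rx.receive(m) }));
}

// Constructed server-to-client messages, following the diagram above.
const compliant = replay([
  { type: "HelloVerifyRequest", seq: 0 },
  { type: "ServerHello", seq: 1 },
  { type: "ServerHelloDone", seq: 2 },
]);

// Constructed from the description: ServerHello repeats the HelloVerifyRequest's seq.
const gateway = replay([
  { type: "HelloVerifyRequest", seq: 0 },
  { type: "ServerHello", seq: 0 },
]);

for (const [name, run] of [["compliant", compliant], ["gateway", gateway]]) {
  for (const m of run) console.log(`${name}: ${m.type} (seq=${m.seq}) -> ${m.verdict}`);
}
```

Logging the discard reason this way separates an ordinary retransmission from a peer that reuses a sequence number, which is the difference between a lossy link and the handshake failure described here.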

AlCalzone commented 3 years ago

Will be fixed in v3.0.1 in a couple of minutes

justme-1968 commented 3 years ago

works! thanks again.