search

Rantanen / node-dtls

JavaScript DTLS implementation for Node.js
ISC License
58 stars 15 forks source link

HelloVerifyRequest uses incorrect record sequence number #4

Closed brycekahle closed 9 years ago

brycekahle commented 9 years ago

First of all, thanks for this project :+1:

I was reading through the source code around the handshake and comparing it to the standard. I noticed there is no way to specify the sequence number for the HelloVerifyRequest packet, thus it doesn't guarantee this part of the standard:

In order to avoid sequence number duplication in case of multiple HelloVerifyRequests, the server MUST use the record sequence number in the ClientHello as the record sequence number in the HelloVerifyRequest.

Rantanen commented 9 years ago

Must have missed that part of the spec. Will try to fix that later today.