elixir-webrtc / ex_dtls

DTLS and DTLS-SRTP handshake library for Elixir, based on OpenSSL
Apache License 2.0

Fragmented Server Hello #31

Open Lazarus404 opened 11 months ago

Lazarus404 commented 11 months ago

When ExDTLS responds to a Client Hello, it's sending fragmented certificate data. How can I change this to send the whole data?

mickel8 commented 11 months ago

Why do you want to change that? We rely on OpenSSL, so I assume it's OpenSSL that fragments it, probably because it doesn't fit into the MTU.

Lazarus404 commented 11 months ago

The server isn't accepting the new session response and I'm trying to eliminate causes.

Lazarus404 commented 11 months ago

I'm trying to get the app to handshake with an existing WebRTC gateway. The difference, I think, is that my Server Hello doesn't provide a "certificate request", which the browser DTLS-SRTP handshake performs.

mickel8 commented 10 months ago

@Lazarus404 any progress on this?

spscream commented 8 months ago

@Lazarus404 @mickel8 I also have an issue with Server Hello: my MTU size is 1300, but OpenSSL for some reason assumes it is larger, and the fragmented Server Hello doesn't fit my MTU size. If I change my MTU to a larger value, the Server Hello reaches the client and the handshake is successful. I saw Lorenzo from janus-gateway had the same issue a long time ago: https://mailing.openssl.users.narkive.com/L431ya4W/openssl-users-dtls-fragmentation-and-mem-bio

mickel8 commented 7 months ago

@spscream Sorry for the late response, and big thanks for the link! Yeah, it looks like the easiest way to reproduce the error is to pass your own key/cert pair to ExDTLS.init that is larger than 2048, e.g. 4096 (as in the link you posted).

We would have to move from mem BIO to our custom BIO or write a filter like in the case of Janus.
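The fragmentation @spscream and @mickel8 describe, as an added Python example (not part of ex_dtls or of this thread): it builds a DTLS 1.2 handshake flight fragmented for a larger MTU than the path allows, flags the records that would not fit a 1300-byte MTU, and reassembles whatever arrives. The 3000-byte message body stands in for a Certificate message carrying a 4096-bit certificate and is constructed, not a real certificate.

```python
import struct

RECORD_HDR = 13  # content_type(1) version(2) epoch(2) sequence(6) length(2)
HS_HDR = 12      # msg_type(1) length(3) message_seq(2) frag_offset(3) frag_length(3)
HANDSHAKE = 22   # DTLS content type "handshake"

def fragment_message(msg_type, msg_seq, body, max_frag):
    """Split one handshake message into one DTLS 1.2 record (= one datagram) per fragment
    of at most max_frag body bytes, as a DTLS stack does when a message exceeds its MTU."""
    datagrams = []
    for off in range(0, len(body), max_frag):
        frag = body[off:off + max_frag]
        hs = (bytes([msg_type]) + len(body).to_bytes(3, "big") + struct.pack("!H", msg_seq)
              + off.to_bytes(3, "big") + len(frag).to_bytes(3, "big") + frag)
        # record header: type, version 0xFEFD, epoch 0, 48-bit sequence (hi16 + lo32), length
        datagrams.append(struct.pack("!BHHHIH", HANDSHAKE, 0xFEFD, 0, 0, len(datagrams), len(hs)) + hs)
    return datagrams

def parse_records(datagram):
    """Split a datagram into (content_type, record_body) tuples; reject truncated records."""
    records, off = [], 0
    while off < len(datagram):
        ctype, length = datagram[off], struct.unpack_from("!H", datagram, off + 11)[0]
        body = datagram[off + RECORD_HDR:off + RECORD_HDR + length]
        if len(body) != length:
            raise ValueError("truncated DTLS record")
        records.append((ctype, body))
        off += RECORD_HDR + length
    return records

def check_flight(datagrams, mtu):
    """Return ({msg_seq: (msg_type, body or None if incomplete)}, [indices of datagrams > mtu]).
    An oversized datagram is the thread's failure mode: dropped in transit, never reassembled."""
    oversized = [i for i, d in enumerate(datagrams) if len(d) > mtu]
    partial = {}  # msg_seq -> (msg_type, reassembly buffer, per-byte coverage map)
    for d in datagrams:
        for ctype, body in parse_records(d):
            if ctype != HANDSHAKE:
                continue
            msg_type, total = body[0], int.from_bytes(body[1:4], "big")
            seq, frag_off = struct.unpack_from("!H", body, 4)[0], int.from_bytes(body[6:9], "big")
            frag_len = int.from_bytes(body[9:12], "big")
            buf, have = partial.setdefault(seq, (msg_type, bytearray(total), bytearray(total)))[1:]
            buf[frag_off:frag_off + frag_len] = body[HS_HDR:HS_HDR + frag_len]
            have[frag_off:frag_off + frag_len] = b"\x01" * frag_len  # overlapping retransmits are fine
    return {s: (t, bytes(b) if all(h) else None) for s, (t, b, h) in partial.items()}, oversized

# Constructed sample: 3000-byte stand-in for a Certificate message (type 11), split for a ~1400-byte MTU
CERT_BODY = bytes(range(256)) * 11 + b"\x00" * 184
FLIGHT = fragment_message(11, 1, CERT_BODY, 1400 - RECORD_HDR - HS_HDR)
```

With a 1300-byte path MTU the first two of the three records are oversized; feeding only the surviving third record to `check_flight` shows the message can never complete, which is the symptom reported above.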