Open Lazarus404 opened 11 months ago
Why do you want to change that? We rely on OpenSSL, so I assume it's OpenSSL that fragments it, and that's probably because it doesn't fit into the MTU.
The server isn't accepting the new session response and I'm trying to eliminate causes.
I'm trying to get the app to handshake with an existing WebRTC gateway. The difference, I think, is that my Server Hello doesn't provide a "certificate request", which the browser DTLS-SRTP handshake performs.
@Lazarus404 any progress on this?
@Lazarus404 @mickel8 I also have an issue with Server Hello - my MTU size is 1300, but OpenSSL for some reason assumes it is larger, and the fragmented Server Hello doesn't fit my MTU size. If I change my MTU to a larger value, the Server Hello reaches the client and the handshake is successful. I saw Lorenzo from janus-gateway had the same issue a long time ago: https://mailing.openssl.users.narkive.com/L431ya4W/openssl-users-dtls-fragmentation-and-mem-bio
@spscream Sorry for the late response and big thanks for the link! Yeah, looks like the easiest way to reproduce the error is to pass your own key/cert pair to ExDTLS.init that is larger than 2048, e.g. 4096 (as in the link you posted).
We would have to move from mem BIO to our custom BIO or write a filter like in the case of Janus.
When ExDTLS responds to a Client Hello, it's sending fragmented certificate data. How can I change this to send the whole data?
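Added example (not code from ExDTLS, Janus or OpenSSL), related to the filter idea mentioned in the thread: because each DTLS record carries its own length, bytes drained from a memory BIO can be cut on record boundaries so that no UDP datagram exceeds the MTU. The function names and the sample records are assumptions constructed for illustration; a single record larger than the MTU is reported as an error, since only the DTLS stack can produce smaller handshake fragments.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DTLS_HDR_LEN 13 /* type(1) version(2) epoch(2) seq(6) length(2) */

/* Pack whole DTLS records from buf into datagrams of at most mtu bytes.
 * Stores each datagram length in sizes[] and returns the datagram count.
 * Returns -1 for a truncated record, a record larger than mtu (it cannot be
 * split here; the DTLS stack must emit smaller fragments), or > max datagrams. */
int dtls_split_by_mtu(const uint8_t *buf, size_t len, size_t mtu,
                      size_t *sizes, int max) {
    size_t off = 0, cur = 0;
    int n = 0;
    while (off < len) {
        if (len - off < DTLS_HDR_LEN) return -1;
        size_t rec = DTLS_HDR_LEN + (((size_t)buf[off + 11] << 8) | buf[off + 12]);
        if (rec > len - off || rec > mtu) return -1;
        if (cur + rec > mtu) {          /* next record would overflow: flush */
            if (n == max) return -1;
            sizes[n++] = cur;
            cur = 0;
        }
        cur += rec; off += rec;
    }
    if (cur > 0 && n == max) return -1;
    if (cur > 0) sizes[n++] = cur;
    return n;
}

/* Constructed sample: three handshake records (1200, 1200 and 413 bytes)
 * back to back, as they could sit in one buffer read from a memory BIO. */
size_t demo_sizes[8];
int demo_split(size_t mtu) {
    static const uint16_t body[] = {1187, 1187, 400};
    static uint8_t buf[4096];           /* zero-initialised record bodies */
    size_t off = 0;
    for (int i = 0; i < 3; i++) {
        buf[off] = 22;                              /* handshake */
        buf[off + 1] = 0xfe; buf[off + 2] = 0xfd;   /* DTLS 1.2 */
        buf[off + 11] = (uint8_t)(body[i] >> 8); buf[off + 12] = (uint8_t)body[i];
        off += DTLS_HDR_LEN + body[i];
    }
    return dtls_split_by_mtu(buf, off, mtu, demo_sizes, 8);
}

int main(void) {
    int n = demo_split(1300);
    for (int i = 0; i < n; i++) printf("datagram %d: %zu bytes\n", i, demo_sizes[i]);
    return n < 0;
}
```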