jue89 / node-openssl-dtls

DTLS1.2 bindings for node.js
MIT License

Problem with node dtls clients, other than openssl s_client #2

Closed KEGustafsson closed 3 years ago

KEGustafsson commented 3 years ago

With openssl s_client, the server is working fine, but all node dtls clients that I have tested so far are causing problems. I have requestCert: false and rejectUnauthorized: false in the server. openssl s_client -connect <ip>:<port> -dtls1_2 is working fine, but other node dtls clients cause the following error:

Apr 28 18:35:17 Error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
    at onError (/home/node/proj/node_modules/dtls-server/node_modules/openssl-dtls/peer.js:28:23)
    at Peer._handler (/home/node/proj/node_modules/dtls-server/node_modules/openssl-dtls/peer.js:64:42)
    at Socket.<anonymous> (/home/node/proj/node_modules/dtls-server/node_modules/openssl-dtls/server.js:67:20)
    at Socket.emit (events.js:315:20)
    at UDP.onMessage [as onmessage] (dgram.js:919:8) {
  address: '::ffff:192.168.x.x',
  family: 'IPv6',
  port: 40933,
  size: 137
}

Any idea what the issue might be?

jue89 commented 3 years ago

Hmm, I'd recommend to have a look into the handshake using Wireshark. IIRC the supported ciphers are exchanged unencrypted. FYI: 'openssl-dtls' supports explicit specification of ciphers offered for the connection.

KEGustafsson commented 3 years ago

I'll do this. Thanks! Anyway, your implementation is working very well and there are no issues with it. Are PSK ciphersuites supported? I noticed that client support was asked about in the other open issues. Has client support progressed since that date?

KEGustafsson commented 3 years ago

I haven't had too much time for further investigation so far. I was wondering if you have information on which node dtls client solution would be best when using your server solution?

jue89 commented 3 years ago

In our use-case it's mbedTLS communicating with this server implementation. Unfortunately, I can't give you further information on our use-case.

KEGustafsson commented 3 years ago

Ok. I got my client app up and running with your server. Closing issue.

jue89 commented 3 years ago

I'm curious - what was the problem? (And for future users with similar problems.)

KEGustafsson commented 3 years ago

I tried several types of ECC certificates, but didn't succeed. RSA started to work without problems.

My head is now a bit puzzled after lots of debugging. Node client - node server, node client - openssl server, openssl client - node server and openssl client & server x various certificate variants.
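
Added example, not code from this thread or from openssl-dtls: the ClientHello carries its cipher_suites list in cleartext, so a captured datagram shows whether a client offers any suite that matches the server certificate's key type (OpenSSL reports "no shared cipher" when none is usable). The helper names, the small suite table and the sample datagram are constructed for illustration.

```javascript
// Added example: helper names are hypothetical; the sample datagram is constructed.
// Subset of IANA cipher suite ids -> [name, authentication the server must provide]
const SUITES = {
  0xc02b: ['TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256', 'ECDSA'],
  0xc0ae: ['TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8', 'ECDSA'],
  0xc02f: ['TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', 'RSA'],
  0x009c: ['TLS_RSA_WITH_AES_128_GCM_SHA256', 'RSA'],
  0xc0a8: ['TLS_PSK_WITH_AES_128_CCM_8', 'PSK'],
};

// Return the cipher suite ids offered in a DTLS ClientHello datagram.
function offeredSuites(dgram) {
  // 13-byte record header, then 12-byte handshake header, then the body.
  if (dgram.length < 25 + 34) throw new Error('too short for a ClientHello');
  if (dgram[0] !== 22 || dgram[13] !== 1) throw new Error('not a ClientHello');
  if (dgram.readUIntBE(19, 3) !== 0) throw new Error('not the first fragment');
  let off = 25 + 2 + 32; // skip client_version and random
  for (const field of ['session_id', 'cookie']) { // both have a 1-byte length prefix
    if (off >= dgram.length) throw new Error(`truncated before ${field}`);
    off += 1 + dgram[off];
  }
  if (off + 2 > dgram.length) throw new Error('truncated before cipher_suites');
  const len = dgram.readUInt16BE(off);
  off += 2;
  if (len % 2 || off + len > dgram.length) throw new Error('bad cipher_suites length');
  const ids = [];
  for (let i = 0; i < len; i += 2) ids.push(dgram.readUInt16BE(off + i));
  return ids;
}

// Authentication types (per SUITES) among the suites the client offers.
function authOffered(dgram) {
  const known = offeredSuites(dgram).filter((id) => SUITES[id]);
  return [...new Set(known.map((id) => SUITES[id][1]))].sort();
}

// Build a minimal ClientHello (no extensions) so the example runs offline.
function sampleClientHello(ids) {
  const suites = Buffer.alloc(2 + ids.length * 2);
  suites.writeUInt16BE(ids.length * 2, 0);
  ids.forEach((id, i) => suites.writeUInt16BE(id, 2 + i * 2));
  const body = Buffer.concat([Buffer.from([0xfe, 0xfd]), Buffer.alloc(32, 0xab),
    Buffer.from([0, 0]), suites, Buffer.from([1, 0])]); // empty id/cookie, null compression
  const hdr = Buffer.alloc(25); // record header + handshake header
  hdr[0] = 22; hdr.writeUInt16BE(0xfefd, 1); hdr.writeUInt16BE(12 + body.length, 11);
  hdr[13] = 1; hdr.writeUIntBE(body.length, 14, 3); hdr.writeUIntBE(body.length, 22, 3);
  return Buffer.concat([hdr, body]);
}

console.log(authOffered(sampleClientHello([0xc02f, 0x009c, 0x00ff]))); // RSA-only client
```

A client whose result lacks `ECDSA` cannot complete a handshake with a server that presents only an ECC certificate, whatever the `rejectUnauthorized` setting is.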