请求时Dtls握手中使用了错误的SSL版本
我正在用C实现DTLS 1.2协议。在使用openSSL测试客户端时,我发现openSSL发送的一个帧使用的不是正确的DTLS版本(1.2),而是旧版本(1.0) C中的客户端仅支持DTLS1.2,因此拒绝OpenSSL发送的帧 由C客户端发送的HelloClient:请求时Dtls握手中使用了错误的SSL版本,ssl,openssl,dtls,Ssl,Openssl,Dtls,我正在用C实现DTLS 1.2协议。在使用openSSL测试客户端时,我发现openSSL发送的一个帧使用的不是正确的DTLS版本(1.2),而是旧版本(1.0) C中的客户端仅支持DTLS1.2,因此拒绝OpenSSL发送的帧 由C客户端发送的HelloClient: Frame 2461: 109 bytes on wire (872 bits), 109 bytes captured (872 bits) on interface 0 Ethernet II, Src: Infineon_
Frame 2461: 109 bytes on wire (872 bits), 109 bytes captured (872 bits) on interface 0
Ethernet II, Src: Infineon_00:00:01 (00:03:19:00:00:01), Dst: Tp-LinkT_dc:4e:82 (50:3e:aa:dc:4e:82)
Internet Protocol Version 4, Src: 192.168.88.73, Dst: 192.168.88.77
User Datagram Protocol, Src Port: 50003, Dst Port: 60003
Datagram Transport Layer Security
DTLSv1.0 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: DTLS 1.2 (0xfefd)
Epoch: 0
Sequence Number: 0
Length: 54
Handshake Protocol: Client Hello
Frame 2464: 90 bytes on wire (720 bits), 90 bytes captured (720 bits) on interface 0
Ethernet II, Src: Tp-LinkT_dc:4e:82 (50:3e:aa:dc:4e:82), Dst: Infineon_00:00:01 (00:03:19:00:00:01)
Internet Protocol Version 4, Src: 192.168.88.77, Dst: 192.168.88.73
User Datagram Protocol, Src Port: 60003, Dst Port: 50003
Datagram Transport Layer Security
DTLSv1.0 Record Layer: Handshake Protocol: Hello Verify Request
Content Type: Handshake (22)
Version: DTLS 1.0 (0xfeff)
Epoch: 0
Sequence Number: 0
Length: 35
Handshake Protocol: Hello Verify Request
(该部分包含有关该用法的更多信息。)非常感谢!它清楚地涵盖了这个案例。所以这个框架必须被我的客户接受,无论使用的是什么版本。
TLS versions 1.0, 1.1, and 1.2, and SSL 3.0 are very similar, and use
compatible ClientHello messages; thus, supporting all of them is
relatively easy. Similarly, servers can easily handle clients trying
to use future versions of TLS as long as the ClientHello format
remains compatible, and the client supports the highest protocol
version available in the server.