OpenSSL 1.0.1[de] DTLS compatibility

David Woodhouse dwmw2 at
Mon Feb 11 17:51:03 EST 2013

It looks like OpenSSL 1.0.0d and 1.0.0e have broken compatibility with
Cisco's pre-standardisation version of DTLS.

$DEITY knows why Cisco haven't updated to the real standard by now; they
could easily have run both DTLS1.0 and their speshul DTLS0.9 in parallel
on the servers, and upgraded clients over time to use the proper
version. But they haven't.


The required patch (to OpenSSL) is below:

diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
index 2e93657..1db1d8c 100644
--- a/ssl/s3_cbc.c
+++ b/ssl/s3_cbc.c
@@ -146,7 +146,7 @@ int tls1_cbc_remove_padding(const SSL* s,
 	unsigned padding_length, good, to_check, i;
 	const unsigned overhead = 1 /* padding length byte */ + mac_size;
 	/* Check if version requires explicit IV */
-	if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION)
+	if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER)
 		/* These lengths are all public so we can test them in
 		 * non-constant time.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6171 bytes
Desc: not available
URL: <>

More information about the openconnect-devel mailing list