assist-project/dtls-fuzzer

-responseWait in learn_openssl_server_psk causes hello-msg/handshake failure

When attempting the very first hello-msg or handshake in the Readme,
the presence of the -responseWait argument to openssl causes a complete failure:

c@intel12400 ~/dtls-fuzzer (remove-response-wait)> LD_LIBRARY_PATH=suts/openssl-1.1.1b/ java -jar target/dtls-fuzzer.jar @args/openssl/learn_openssl_server_psk -test examples/tests/servers/psk
05:16:31 [main] INFO : Main - Processing command state-fuzzer-server
05:16:31 [main] INFO : Main - Running test runner
05:16:31 [main] INFO : ProcessHandler - Command to launch SUT: /home/c/dtls-fuzzer/suts/openssl-1.1.1b/apps/openssl s_server -psk 1234 -key /home/c/dtls-fuzzer/experiments/keystore/rsa2048_key.pem -cert /home/c/dtls-fuzzer/experiments/keystore/rsa2048_cert.pem -CAfile /home/c/dtls-fuzzer/experiments/keystore/rsa2048_cert.pem -accept 27791 -dtls1_2 -responseWait 5000 -mtu 5000
05:16:31 [main] INFO : TestRunner - Test: PSK_CLIENT_HELLO PSK_CLIENT_HELLO PSK_CLIENT_KEY_EXCHANGE CHANGE_CIPHER_SPEC FINISHED APPLICATION
1 times outputs: TIMEOUT SOCKET_CLOSED SOCKET_CLOSED SOCKET_CLOSED SOCKET_CLOSED SOCKET_CLOSED

Removing the -responseWait argument from the last line of args/openssl/learn_openssl_server_psk allows the initial handshake to proceed:

c@intel12400 ~/dtls-fuzzer (remove-response-wait)> LD_LIBRARY_PATH=suts/openssl-1.1.1b/ java -jar target/dtls-fuzzer.jar @args/openssl/learn_openssl_server_psk -test examples/tests/servers/psk
05:17:11 [main] INFO : Main - Processing command state-fuzzer-server
05:17:11 [main] INFO : Main - Running test runner
05:17:11 [main] INFO : ProcessHandler - Command to launch SUT: /home/c/dtls-fuzzer/suts/openssl-1.1.1b/apps/openssl s_server -psk 1234 -key /home/c/dtls-fuzzer/experiments/keystore/rsa2048_key.pem -cert /home/c/dtls-fuzzer/experiments/keystore/rsa2048_cert.pem -CAfile /home/c/dtls-fuzzer/experiments/keystore/rsa2048_cert.pem -accept 27831 -dtls1_2 -mtu 5000
05:17:12 [main] INFO : TestRunner - Test: PSK_CLIENT_HELLO PSK_CLIENT_HELLO PSK_CLIENT_KEY_EXCHANGE CHANGE_CIPHER_SPEC FINISHED APPLICATION
1 times outputs: HELLO_VERIFY_REQUEST SERVER_HELLO|SERVER_HELLO_DONE TIMEOUT TIMEOUT CHANGE_CIPHER_SPEC|FINISHED APPLICATION

I discovered openssl is not accepting the -responseWait flag by testing the full openssl command from the shell.

I am not sure of the root-root cause (I am sure there is a good reason you are passing -responseWait to openssl).

As far as I can see, the -responseWait flag replaced the -timeout sometime in the past of the commits.
I can't see any evidence openssl s_server can or has accepted -responseWait as a valid flag.

https://www.openssl.org/docs/man1.1.1/man1/openssl-s_server.html