chrome client does not send DTLS Finished message

Andres Gonzalez

Jul 18, 2016, 7:45:41 PM
to discuss-webrtc
Hi, 

I am debugging an issue where the DTLS handshake does not complete. The Wireshark trace shows that the initial hellos are exchanged correctly. The server sends the ServerHelloDone message.

The Chrome client then sends its Certificate, Client Key Exchange, Certificate Verify Cipher Spec and Encrypted Handshake messages. The client then sends 7 times the following messages: Certificate, Client Key Exchange, Certificate Verify, Change Cipher Spec, and Encrypted Handshake Message. All of this exchange appears normal as per RFC5246/RFC6347.

However, the Chrome client does NOT send the Finished message.

Any idea why the Chrome client does everything error free but never sends the Finished message?

Thanks,
-Andres

Taylor Brandstetter

Jul 19, 2016, 12:28:19 PM
to discuss...@googlegroups.com
Are you sure the encrypted handshake message isn't the finished message? I believe that's what it would normally be.


Andres Gonzalez

Jul 19, 2016, 6:38:29 PM
to discuss-webrtc
Thank you for your response Taylor.

That is a very interesting suggestion, I am NOT sure the Encrypted Handshake Message is the Finished Message... ah, I guess because it is encrypted.   :-)

Actually, I think you are correct. RFC5246, pg 63 says that the Finished message is sent immediately after the Change Cipher Spec message, and it is the first message that is encrypted using the negotiated crypto.  So it must be the Finished message.  My confusion was that all of the other handshake messages are interpreted in Wireshark so I can see what the actual message is. The other handshake messages are clearly decoded and I can see the message id. The message id of the Finished message is 20, so I was looking for either "Finished" or an id of 20.  But Wireshark displays:   Handshake (22)   so I interpreted that to mean it was NOT the Finished message.

Again, thank you for pointing that out for me.  
-Andres
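
The point this thread settles on, shown as an added example that is not part of the original posts: a DTLS record carries content type 22 (Handshake) in its cleartext header, but once the epoch is above 0 the body is ciphertext, so the handshake type byte (20 for Finished) cannot be read and only "Encrypted Handshake Message" can be reported. The function names and the sample flight below are constructed for illustration; the payloads are placeholders, not a real capture.

```python
import struct

CONTENT = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake", 23: "ApplicationData"}
HANDSHAKE = {1: "ClientHello", 2: "ServerHello", 3: "HelloVerifyRequest",
             11: "Certificate", 12: "ServerKeyExchange", 13: "CertificateRequest",
             14: "ServerHelloDone", 15: "CertificateVerify",
             16: "ClientKeyExchange", 20: "Finished"}

def label_records(datagram):
    """Return [(epoch, label)] for every DTLS record in one UDP payload."""
    out, off = [], 0
    while off < len(datagram):
        if len(datagram) - off < 13:
            raise ValueError("truncated DTLS record header")
        # type(1) version(2) epoch(2) sequence(2+4) length(2) = 13 bytes
        ctype, _ver, epoch, _hi, _lo, length = struct.unpack_from("!BHHHIH", datagram, off)
        body = datagram[off + 13:off + 13 + length]
        if len(body) != length:
            raise ValueError("truncated DTLS record body")
        off += 13 + length
        label = CONTENT.get(ctype, "Unknown(%d)" % ctype)
        if ctype == 22 and epoch > 0:
            # Body is ciphertext: the handshake type byte cannot be read.
            label = "Encrypted Handshake Message"
        elif ctype == 22:
            if length < 12:
                raise ValueError("short handshake header")
            label = "Handshake: " + HANDSHAKE.get(body[0], "type %d" % body[0])
        out.append((epoch, label))
    return out

def finished_was_sent(labels):
    """True if ChangeCipherSpec is followed by a protected handshake record."""
    for i, (epoch, label) in enumerate(labels):
        if label == "ChangeCipherSpec":
            return any(e > epoch and name == "Encrypted Handshake Message"
                       for e, name in labels[i + 1:])
    return False

# --- constructed sample flight (placeholder payloads, not a real capture) ---
def _rec(ctype, epoch, seq, body):
    return struct.pack("!BHHHIH", ctype, 0xFEFD, epoch, 0, seq, len(body)) + body

def _hs(msg_type, msg_seq, payload):
    n = len(payload).to_bytes(3, "big")
    return bytes([msg_type]) + n + struct.pack("!H", msg_seq) + b"\0\0\0" + n + payload

SAMPLE = (_rec(22, 0, 1, _hs(11, 1, b"\0" * 8)) + _rec(22, 0, 2, _hs(16, 2, b"\0" * 8))
          + _rec(22, 0, 3, _hs(15, 3, b"\0" * 8)) + _rec(20, 0, 4, b"\x01")
          + _rec(22, 1, 0, bytes(range(40))))  # stand-in for the encrypted Finished
```
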