Commit 047f2159 authored by Matt Caswell's avatar Matt Caswell
Browse files

Only use the fallback mtu after 2 unsuccessful retransmissions if it is less 


than the mtu we are already using

Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
parent 464ce920

ssl/d1_lib.c

+5 −1
Original line number Diff line number Diff line
@@ -475,13 +475,17 @@ void dtls1_stop_timer(SSL *s) 


int dtls1_check_timeout_num(SSL *s)

	{

	unsigned int mtu;



	s->d1->timeout.num_alerts++;



	/* Reduce MTU after 2 unsuccessful retransmissions */

	if (s->d1->timeout.num_alerts > 2

			&& !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))

		{

		s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);		

		mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);

		if(mtu < s->d1->mtu)

			s->d1->mtu = mtu;

		}



	if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)