DTLS_set_timer_cb in OpenSSL 1.1.1

August 29, 2022

A few years ago I had problems connecting a Cisco 1131 LWAP to an open source CAPWAP WLC and figured out that a hard-coded DTLS timeout of one second in the OpenSSL library was the reason. So at that time I asked in the OpenSSL developer forum whether this could be made configurable, but was told I should fix the client.
Of course, fixing the client was not an option, so I ended up patching the SSL library and linking the WLC against the patched version.
But now, finally, some years later, OpenSSL 1.1.1 offers the possibility to configure the DTLS timeout.
But the documentation is poor, as usual for OpenSSL. What does the DTLS_timer_cb function have to return? The timeout in seconds, in milliseconds, in nanoseconds? Is it just the timeout value to return, or do I have to return some absolute time in the future from now? And what is the timer_us parameter for? After digging into the OpenSSL source code, I now know that the timer_us parameter is always zero and that the function has to return the timeout in microseconds.
Maybe this helps someone else who does not know what to return from DTLS_timer_cb.
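
A callback that returns the timeout as a duration in microseconds, as described above. This is an added example, not code from the original post or from OpenSSL. The names `capwap_dtls_timer_cb`, `capwap_configure_dtls_timer`, the `USE_OPENSSL` build flag and both timeout constants are assumptions, and so is the handling of a non-zero `timer_us` as the current timeout to back off from.

```c
#include <stdio.h>

#ifdef USE_OPENSSL            /* hypothetical build flag: compile against OpenSSL >= 1.1.1 */
#include <openssl/ssl.h>
#else
typedef struct ssl_st SSL;    /* opaque stand-in so the callback builds without the headers */
#endif

#define INITIAL_TIMEOUT_US 3000000u   /* constructed value: 3 s before the first retransmit */
#define MAX_TIMEOUT_US    60000000u   /* constructed value: 60 s ceiling */

/* Matches DTLS_timer_cb: unsigned int (*)(SSL *s, unsigned int timer_us).
 * The return value is a duration in microseconds, not an absolute time. */
unsigned int capwap_dtls_timer_cb(SSL *s, unsigned int timer_us)
{
    (void)s;                               /* one policy for every connection */
    if (timer_us == 0)                     /* timer is being started */
        return INITIAL_TIMEOUT_US;
    if (timer_us >= MAX_TIMEOUT_US / 2)    /* doubling would pass the cap (or overflow) */
        return MAX_TIMEOUT_US;
    return timer_us * 2;                   /* assumption: back off from the given value */
}

#ifdef USE_OPENSSL
/* Call on each DTLS SSL object before the handshake starts. */
void capwap_configure_dtls_timer(SSL *ssl)
{
    DTLS_set_timer_cb(ssl, capwap_dtls_timer_cb);
}
#endif

int main(void)
{
    unsigned int t = 0;
    /* Print the schedule the callback produces when fed its own output. */
    for (int i = 0; i < 7; i++) {
        t = capwap_dtls_timer_cb(NULL, t);
        printf("timeout %d: %u us\n", i, t);
    }
    return 0;
}
```

Capping the value keeps a slow peer from stretching a half-open handshake indefinitely, while the longer initial timeout avoids retransmitting at a client that needs more than one second to answer.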
