Add DTLS replay tests.

At the record layer, DTLS maintains a window of seen sequence numbers to detect
replays. Add tests to cover that case. Test both repeated sequence numbers
within the window and sequence numbers past the window's left edge. Also test
receiving sequence numbers far past the window's right edge.

Change-Id: If6a7a24869db37fdd8fb3c4b3521b730e31f8f86
Reviewed-by: Adam Langley <>
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index 6f146af..8cdbaea 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -499,6 +499,12 @@
 	// BadRenegotiationInfo causes the renegotiation extension value in a
 	// renegotiation handshake to be incorrect.
 	BadRenegotiationInfo bool
+	// SequenceNumberIncrement, if non-zero, causes outgoing sequence
+	// numbers in DTLS to increment by that value rather by 1. This is to
+	// stress the replay bitmap window by simulating extreme packet loss and
+	// retransmit at the record layer.
+	SequenceNumberIncrement uint64
 func (c *Config) serverInit() {