Re: How to detect dead peers with DTLS?

Tue, 20 Jan 2009 10:43:16 -0800 

Hi Robin,

what would be needed to add support for renegotiations in DTLS?

Best regards
Michael

On Jan 20, 2009, at 7:01 PM, Robin Seggelmann wrote:


Hi Michael,
unfortunately, you're wrong. You need my patches to perform renegotiations at all, since the current implementation is broken in this respect. Technically, the abbreviated handshake is supported, but OpenSSL does not provide any API to initiate it without reconnecting. The functions for session handling can be used to save a session and reassign it before connecting to perform an abbreviated handshake. This has no effect on an established connections because your saving and overwriting the session with the same data without any further action. I already criticized this in a mail to the list but there were no answers beside the explanation how to use the session functions when reconnecting. 

Regards,
Robin

Am 20.01.2009 um 18:38 schrieb Michael Tüxen:


Hi Giang,

I think Robin tested it, so yes it works... But you need the bugfixes
he sent to the list...

Robin: Am I right?

Best regards
Michael

On Jan 20, 2009, at 5:59 PM, Giang Nguyen wrote:
I think I will go for the hack that misuses re-negotiation as a kind of heartbeat, keep alive or echo request. I tried to avoid this hack at first because it is a computational burden. AFAIK re-negotiation means restarting from scratch which means that expensive public key operations 
have to be performed.


to avoid expensive full handshakes, what about using sessions?
from what i read at http://tools.ietf.org/html/rfc4347#section-3, "To the greatest extent possible, DTLS is identical to TLS."
and from what i read at http://tools.ietf.org/html/rfc5238 section 3.4: "multiple DTLS connections can be resumed from the same DTLS session, each running over its own DCCP connection."
so my assumption here is that DTLS supports abbreviated handshakes for session resumptions. 

_________________________________________________________________
Windows Live™ Hotmail®: Chat. Store. Share. Do more with mail.
http://windowslive.com/explore?ocid=TXT_TAGLM_WL_t1_hm_justgotbetter_explore_012009______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org









______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to