Hi all,
I've been experimenting with the DTLS support in OpenSSL recently and
discovered that my application was receiving garbage data when packets
were lost or reordered. Closer inspection explained why: I was only
enabling cipher suites which either used stream ciphers like RC4 or block
ciphers like AES with block chaining (which makes it effectively a stream
cipher). So losing a packet prevented proper decoding of any subsequent
packets.
I have two questions:
1. OpenSSL already disallows RC4 in dtls1_get_cipher. Would it make
sense to also disallow any suite that uses e.g. CBC?
2. Which non-null cipher suites are appropriate for use with DTLSv1 (i.e.
robust to packet loss and reordering)? So far, I haven't found one that
works.
Thanks.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
