Thank you for your answers Nikos, more comments inline.
> Currently there is no way to disable anti-replay protection. Would it
> really matter though? If you say there are no replays over SCTP what
> would this disabling buy?
I plan to use several streams over SCTP, and send my application
messages (Diameter messages) over each streams in turn.
Let's imagine I have a large message (1^14 bytes) followed by a series
of very short messages (few bytes). On the sending side, I am sending a
first record with sequence number #1 over stream #1, length is 1^14 (I
am simplifying). Then short record #2 over stream #2, record #3 over
stream #3, etc... Because the payload sizes are different, on the
receiving side the messages for streams #2, #3, ... get delivered first
and successfully parsed by the DTLS layer.
If I understand correctly, the anti-replay protection might cause the
record with sequence #1 to be discarded if it is delivered "too late"
with respect to the sequence number. Is it correct? This would be an
issue for the upper layer, hence the requirement in RFC 6083 to disable it.
I apologize if my understanding is incorrect, I am new to DTLS...
> No. gnutls_heartbeat_set_timeouts() is relevant to heartbeat message
> retransmission, not the DTLS handshake.
Ok, thank you for the clarification. Then, the documentation of gnutls
is quite misleading :)
http://gnutls.org/manual/gnutls.html#index-gnutls_005fheartbeat_005fset_005ftimeouts
I think this is actually the same exact text as the
gnutls_dtls_set_timeouts() documentation (which I had not seen before your
mail).
> There is (again) no direct way
> to disable those timeouts, but you can always set a retransmission
> timeout that is larger than the total handshake timeout, which is
> equivalent to having no retransmissions. You can set that using
> gnutls_dtls_set_timeouts().
Thank you for the hint! I will do so.
Best regards,
Sebastien.
_______________________________________________
Gnutls-help mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnutls-help
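As an added illustration of the anti-replay question raised in this thread (this is not code from the thread or from GnuTLS), the following plain C implements the sliding-window replay check that DTLS 1.2 (RFC 6347, section 4.1.2.6) inherits from IPsec, and runs the delivery order Sebastien describes: the short records on the other streams arrive and are accepted first, then the large record with sequence number 1 arrives. The window width of 64 and the record counts are assumed values chosen for the demonstration. A late record is only dropped once it has fallen more than one window width behind the highest sequence number already accepted; a record inside the window that has not been seen before is still accepted, and a second copy of an already-seen record is rejected as a replay.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed window width; RFC 6347 recommends a window of at least 64 records. */
#define REPLAY_WINDOW_BITS 64

typedef enum { ACCEPT = 0, REJECT_TOO_OLD = 1, REJECT_DUPLICATE = 2 } verdict;

typedef struct {
    bool     started; /* false until the first record has been accepted */
    uint64_t top;     /* highest sequence number accepted so far */
    uint64_t bitmap;  /* bit i set => sequence number (top - i) was received */
} replay_window;

static void rw_init(replay_window *w) { memset(w, 0, sizeof *w); }

/* Decide about one record and, if it is accepted, record it in the window.
 * Sequence numbers are simplified to a single counter (no epoch). */
static verdict rw_check_and_update(replay_window *w, uint64_t seq)
{
    if (!w->started) {
        w->started = true;
        w->top = seq;
        w->bitmap = 1;
        return ACCEPT;
    }
    if (seq > w->top) {
        /* Newer than anything seen so far: slide the window forward. */
        uint64_t shift = seq - w->top;
        w->bitmap = (shift >= REPLAY_WINDOW_BITS) ? 0 : (w->bitmap << shift);
        w->bitmap |= 1;
        w->top = seq;
        return ACCEPT;
    }
    uint64_t behind = w->top - seq;
    if (behind >= REPLAY_WINDOW_BITS)
        return REJECT_TOO_OLD;           /* fell out of the window: dropped */
    if (w->bitmap & ((uint64_t)1 << behind))
        return REJECT_DUPLICATE;         /* already received: a replay */
    w->bitmap |= (uint64_t)1 << behind;  /* late, but still inside the window */
    return ACCEPT;
}

/* Constructed scenario from the thread: record #1 (the large one) is delivered
 * only after n_small short records numbered 2..n_small+1 have been accepted.
 * Returns the verdict the receiver gives record #1. */
verdict late_large_record(unsigned n_small)
{
    replay_window w;
    rw_init(&w);
    for (uint64_t seq = 2; seq <= (uint64_t)n_small + 1; seq++)
        (void)rw_check_and_update(&w, seq);
    return rw_check_and_update(&w, 1);
}

/* A genuine replay: the same sequence number delivered twice. */
verdict replayed_record(uint64_t seq)
{
    replay_window w;
    rw_init(&w);
    (void)rw_check_and_update(&w, seq);
    return rw_check_and_update(&w, seq);
}

int main(void)
{
    static const char *names[] = { "accepted", "dropped: too old", "dropped: duplicate" };
    unsigned counts[] = { 10, 63, 64, 200 };
    for (size_t i = 0; i < sizeof counts / sizeof counts[0]; i++)
        printf("record #1 after %3u short records: %s\n", counts[i],
               names[late_large_record(counts[i])]);
    printf("second copy of record #7: %s\n", names[replayed_record(7)]);
    return 0;
}
```

With the assumed 64-record window, record #1 is still accepted when up to 63 short records overtake it and is dropped as too old from 64 onward, so the number of records a large one can be reordered behind, not reordering as such, is what matters. The handshake retransmission workaround Nikos describes is a separate call, gnutls_dtls_set_timeouts(), which takes the retransmission timeout and the total handshake timeout in milliseconds; it is not exercised here.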