On Mon, Jun 23, 2014 at 9:14 AM, Sandeep Kumar <[email protected]> wrote: > Hi, > I've implemented a test program for server and client using the existing > example of gnu-tls. This program emulates DTLS handshake over SCTP. > There are several messages starting from client hello then hello verify > request etc. > All i want to know is that whether is it mandatory for server to verify the > cookie for DTLS because if its case of SCTP the same is already done while > complete SCTP Handshake.
A server doesn't need to send cookies, unless you want to protect from a denial of service attack (possible under UDP, no idea whether possible under SCTP). For more information see: http://gnutls.org/manual/html_node/DTLS-sessions.html#DTLS-sessions regards, Nikos _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
