On Fri, 2009-11-27 at 18:04 +0100, Stephen Henson via RT wrote:
> Couple of quick questions about this patch. Do we really need to
> reimplement this for DTLS? Isn't there some way DTLS could share the TLS
> extension code? I'd imagine that some existing TLS extensions such as
> servername or session tickets might be useful for DTLS as well as the EC
> curve ones.
>
> I also notice we have s->version checks in several places including the
> standard version and the DTLS_BAD_VER. I'm wondering if checking the
> method would be simpler once it has been assigned e.g.
> ssl->method->version == DTLS1_VERSION
FWIW I don't think we need any renegotiation support for DTLS_BAD_VER, if
it's only kept around for Cisco compatibility. Or even for negotiation at
all, for that matter. We "jump-start" the session, and it's always just a
"resumed" session as far as OpenSSL is concerned.

http://git.infradead.org/users/dwmw2/openconnect.git/blob/3faf3717:/dtls.c#l106

-- 
dwmw2

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
