Hi Michael,
unfortunately, you're wrong. You need my patches to perform renegotiations at all, since the current implementation is broken in this respect. Technically, the abbreviated handshake is supported, but OpenSSL does not provide any API to initiate it without reconnecting. The functions for session handling can be used to save a session and reassign it before connecting to perform an abbreviated handshake. This has no effect on an established connection because you're saving and overwriting the session with the same data without any further action. I already criticized this in a mail to the list but there were no answers besides the explanation of how to use the session functions when reconnecting.

Regards,
Robin

On 20.01.2009 at 18:38, Michael Tüxen wrote:

Hi Giang,

I think Robin tested it, so yes it works... But you need the bugfixes
he sent to the list...

Robin: Am I right?

Best regards
Michael

On Jan 20, 2009, at 5:59 PM, Giang Nguyen wrote:


I think I will go for the hack that misuses re-negotiation as a kind of
heartbeat, keep alive or echo request. I tried to avoid this hack at
first because it is a computational burden. AFAIK re-negotiation means
restarting from scratch which means that expensive public key operations
have to be performed.

To avoid expensive full handshakes, what about using sessions?

From what I read at http://tools.ietf.org/html/rfc4347#section-3, "To the greatest extent possible, DTLS is identical to TLS."

And from what I read at http://tools.ietf.org/html/rfc5238 section 3.4: "multiple DTLS connections can be resumed from the same DTLS session, each running over its own DCCP connection."

So my assumption here is that DTLS supports abbreviated handshakes for session resumptions.




______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
