Comments (6)
reklatsmasters
commented on May 26, 2024
@ubx-caloca How about PSK key exchange? Is your device support TLS_PSK_WITH_AES_128_GCM_SHA256 cipher suite?
from dtls.
ubx-caloca
commented on May 26, 2024
it's a requirement ( I wish it wasn't :)). I need to talk to a device that supports both TLS_PSK_WITH_AES_128_CCM_8 and TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 with Raw Public Key.
from dtls.
reklatsmasters
commented on May 26, 2024
AES_128_CCM_8 cipher is deprecated. I do not want to implement deprecated ciphers. I suggest you to choose a cipher without _8 part.
from dtls.
ubx-caloca
commented on May 26, 2024
As I said before, its a requirement, sadly I cannot choose here. Actually, AES_128_CCM_8 is currently used for constraining environments. It's a mandatory-to-implement cipher suite for secure coap (rfc 7252). You can also check the description of the tinydtls project that is target specifically for that scenario (https://projects.eclipse.org/proposals/tinydtls).
It would be nice to have a pure nodejs dtls implementation that we can use to talk to those devices.
from dtls.
reklatsmasters
commented on May 26, 2024
@ubx-caloca RFC8323 explains TLS usage for CoAP. I think i may create TLS_PSK_WITH_AES_128_CCM_8 cipher suite (see RFC7925). This is the simplest way.
The TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 cipher suite required the "cached_info" extension from RFC7924. I do not want to implement any resource management system right now.
In this case, #20 required. I'm working on PSK key exchange.
from dtls.
reklatsmasters
commented on May 26, 2024
@ubx-caloca Sorry, i changed my plans. I will not add new key exchange types in the near future. Itβs hard to maintain by oneself.
I suggest you use native bindings.
from dtls.
Related Issues (20)
- Error: Invalid key length when TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 cipher selected
- Incorrect CertificateRequest message
- Cannnot connect to the server with client certificate
- options.socket should be duplex stream or dgram.
- Drop aes-ccm block cipher
- Specified custom port doesn't seem to work HOT 4
- Explicitly verify server finished checksum
- remove `bl`, use `binary-data` instead
- Add use_srtp extension HOT 9
- Module not found: Error: Can't resolve 'lib/socket' HOT 8
- Add an integration tests for an every cipher suite
- Improve chacha20-poly1305 detection.
- Resume session
- TLS_RSA_WITH_AES_128_CBC_SHA (x002f) cipher suite HOT 3
- add connection_id extension
- DTLS Server Side implementation HOT 4
- doesnt work HOT 1
- Client connection to openssl server fails
- Connecting to IPv6 address does not work
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dtls.