Comments (7)
daenney
commented on July 26, 2024
@bocajim Would it be feasible to contribute TLS_PSK_WITH_AES_128_CCM_8 to this library instead?
from dtls.
Sean-Der
commented on July 26, 2024
Hey @daenney
That would be fantastic! I am open to any/all improvements to the library. We are missing features just because they were not needed for pions/webrtc. I don't think I will have a lot of time, but would love to help this land.
This change won't be trivial, but we should totally do it! We don't support PSK, so we will need to handle that. The actual encrypt/decrypt is easy to update we already support CBC and GCM so adding CCM shouldn't be bad!
Hopefully we don't have the break the API for existing users, but if it is needed I understand.
If you want to join our Slack I can help and will try to explain a little bit here also.
The communication is split up into 'flights', I designed it this way so we can handle retransmissions/out of order packets.
each side accepts incoming messages, and when we get everything we want we start processing code
each side just keeps re-sending until it gets to the next flight code
from dtls.
Sean-Der
commented on July 26, 2024
I started digging into this, the good news is OpenSSL does support PSK-AES128-CCM8
It is just a lot easier since my debug loop is much faster with OpenSSL (I just know the code base best)
thanks!
./openssl s_client -dtls1_2 -connect 127.0.0.1:5000 -psk abc123 -cipher PSK-AES128-CCM8
./openssl s_server -dtls1_2 -accept 5000 -nocert -psk abc123 -cipher PSK-AES128-CCM8
from dtls.
daenney
commented on July 26, 2024
Funky. I couldn't get it to show up in openssl ciphers on my side:
~ $ openssl ciphers | tr ':' "\n" | sort | grep -i psk
DHE-PSK-AES128-CBC-SHA
DHE-PSK-AES128-CBC-SHA256
DHE-PSK-AES128-GCM-SHA256
DHE-PSK-AES256-CBC-SHA
DHE-PSK-AES256-CBC-SHA384
DHE-PSK-AES256-GCM-SHA384
DHE-PSK-CHACHA20-POLY1305
ECDHE-PSK-AES128-CBC-SHA
ECDHE-PSK-AES128-CBC-SHA256
ECDHE-PSK-AES256-CBC-SHA
ECDHE-PSK-AES256-CBC-SHA384
ECDHE-PSK-CHACHA20-POLY1305
PSK-AES128-CBC-SHA
PSK-AES128-CBC-SHA256
PSK-AES128-GCM-SHA256
PSK-AES256-CBC-SHA
PSK-AES256-CBC-SHA384
PSK-AES256-GCM-SHA384
PSK-CHACHA20-POLY1305
RSA-PSK-AES128-CBC-SHA
RSA-PSK-AES128-CBC-SHA256
RSA-PSK-AES128-GCM-SHA256
RSA-PSK-AES256-CBC-SHA
RSA-PSK-AES256-CBC-SHA384
RSA-PSK-AES256-GCM-SHA384
RSA-PSK-CHACHA20-POLY1305
Glad you found it though!
from dtls.
Sean-Der
commented on July 26, 2024
@daenney what version of OpenSSL do you have, I was able to get this with OpenSSL 1.1.1b 26 Feb 2019
I also had to do openssl ciphers -V ALL@SECLEVEL=0; to see it
from dtls.
daenney
commented on July 26, 2024
Same: OpenSSL 1.1.1b 26 Feb 2019. I had no idea about -V ALL@SECLEVEL=0 , now I see it too. Sneaky.
from dtls.
Sean-Der
commented on July 26, 2024
Nice, I think that adds a whole new level of usefulness :)
Thank you so much for taking time for the reviews guys @daenney @igolaizola! If you guys have any opinions on things the library needs/where we should go next I am all ears :) I am back on Pion WebRTC for a while, but always ready to jump in
from dtls.
Related Issues (20)
- Handshake failed. Broken by #398 "Server chooses cipher suite not matching its certificate"
- Add support for ECDHE_PSK ciphers
- Server side only certs - openssl client - wrong certificate type HOT 2
- Change how we do temporary errors to match upstream HOT 1
- HelloRequest Handshake Type Support HOT 1
- Set sessionId in clienthello HOT 3
- Ed25519 keys are not fully supported. HOT 6
- E2E tests deadlock and consumes tons of CI minutes HOT 2
- Handshaker doesn't handle "Read retransmit" event HOT 1
- DTLS server does not handle retransmits of the client's last flight HOT 2
- not close udp conn when dtls handshake failed?
- Add Config.VerifyConnection callback
- noise feature? HOT 2
- Port old fuzzing code to Go's new fuzzing tools
- Connection timeout ignores configured context timeout HOT 6
- Allow supplying external crypto.Signer for TLS signature HOT 4
- OpenSSL E2E Tests are broken in Go 1.20 HOT 1
- Completed Handshake process without any certificate sent by the client HOT 5
- when connecting new listener, bind:already in use error occurs HOT 2
- about pmtu and message too long error
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dtls.