DTLSConnection Id Support #113

Open
1 of 2 tasks
Codeglitches opened this issue May 26, 2024 · 1 comment
Comments

@Codeglitches

I am submitting a …

  • bug report
  • feature request

Description

Connection ID (CID) extension to DTLS is described in RFC 9146 (or draft-ietf-tls-dtls-connection-id-05 for legacy version).

From the mbedtls ssl.h file:

The DTLS CID extension allows the reliable association of
DTLS records to DTLS connections across changes in the
underlying transport (changed IP and Port metadata) by
adding explicit connection identifiers (CIDs) to the
headers of encrypted DTLS records. The desired CIDs are
configured by the application layer and are exchanged in
new ClientHello / ServerHello extensions during the
handshake, where each side indicates the CID it wants the
peer to use when writing encrypted messages. The CIDs are
put to use once records get encrypted: the stack discards
any incoming records that don't include the configured CID
in their header, and adds the peer's requested CID to the
headers of outgoing messages.

The draft (or legacy) version is supported since mbedtls 2.18.0. However, the "final" RFC 9146 version is only supported from mbedtls version 3.3.0 onward. Unfortunately, the draft version is not compatible with the final version.

As python-mbedtls is currently based on the 2.x version of mbedtls, I understand python-mbedtls needs to be ported to the 3.x version first. According to issue #46 from July 2021, moving to the 3.x version was in the planning for the future; maybe this could be a reason to make the future happen?

I am interested in helping to add CID support to python-mbedtls, but moving the project to version 3.x of mbedtls will be too much for me.

Current behavior

DTLS CID is not supported

Expected behavior

DTLS CID is supported
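To make the mbedtls comment quoted above concrete, here is an added example (not code from the issue, from python-mbedtls, or from mbedtls itself) that parses the DTLS 1.2 record header in both its classic form and the RFC 9146 form with a Connection ID, and then applies the receive-side rule the comment describes: an encrypted record is associated with a connection by the CID in its header, and a record that does not carry a configured CID is discarded no matter which IP/port it arrived from. The CID values, the connection table and the sample records are constructed for illustration; the `build_record`, `parse_record` and `demux` names are this example's own.

```python
"""Added example: DTLS 1.2 record header parsing with an RFC 9146 CID and
CID-based demultiplexing. Not part of python-mbedtls or mbedtls; all
connection state and sample records below are constructed."""
import struct

# Record content types (RFC 5246 for the classic ones, RFC 9146 for tls12_cid).
CT_HANDSHAKE = 22
CT_APPLICATION_DATA = 23
CT_TLS12_CID = 25          # "tls12_cid": the header carries a connection id

DTLS_1_2 = 0xFEFD          # ProtocolVersion {254, 253}


class RecordError(ValueError):
    """Raised for malformed record headers."""


def build_record(content_type: int, epoch: int, seq_no: int,
                 payload: bytes, cid: bytes = b"") -> bytes:
    """Serialise one record; the CID field is emitted only for tls12_cid records."""
    hdr = struct.pack("!BHH", content_type, DTLS_1_2, epoch) + seq_no.to_bytes(6, "big")
    if content_type == CT_TLS12_CID:
        hdr += cid
    return hdr + struct.pack("!H", len(payload)) + payload


def parse_record(datagram: bytes, cid_length: int) -> dict:
    """Parse one DTLS 1.2 record header.

    cid_length is the length of the CID this endpoint asked its peer to use
    (agreed in the ClientHello/ServerHello extension). It is not carried in
    the record itself, so the receiver must already know it. Returns the
    header fields, the cid (None for records without one) and the payload.
    """
    if len(datagram) < 13:
        raise RecordError("truncated header")
    content_type, version, epoch = struct.unpack("!BHH", datagram[:5])
    if version != DTLS_1_2:
        raise RecordError(f"unexpected version {version:#06x}")
    seq_no = int.from_bytes(datagram[5:11], "big")
    offset = 11
    cid = None
    if content_type == CT_TLS12_CID:
        if len(datagram) < offset + cid_length + 2:
            raise RecordError("truncated CID record")
        cid = datagram[offset:offset + cid_length]
        offset += cid_length
    (length,) = struct.unpack("!H", datagram[offset:offset + 2])
    offset += 2
    if len(datagram) < offset + length:
        raise RecordError("record length exceeds datagram")
    return {"content_type": content_type, "epoch": epoch, "seq_no": seq_no,
            "cid": cid, "payload": datagram[offset:offset + length]}


def demux(datagram: bytes, connections: dict, cid_length: int):
    """Associate an encrypted record with a connection by its CID.

    connections maps a local CID (bytes) to an opaque connection object.
    Returns (connection, record), or None when the record must be dropped:
    the behaviour quoted from mbedtls, where records that do not carry the
    configured CID are discarded regardless of their source address.
    """
    try:
        rec = parse_record(datagram, cid_length)
    except RecordError:
        return None
    if rec["cid"] is None:
        # Plaintext records (e.g. a ClientHello) carry no CID; a real stack
        # routes those by 5-tuple during the handshake. Out of scope here.
        return None
    conn = connections.get(rec["cid"])
    if conn is None:
        return None
    return conn, rec


def demo() -> dict:
    """Constructed scenario: this endpoint configured the 4-byte CID
    01020304 for its peer; 'payload' stands in for encrypted content."""
    cid_length = 4
    connections = {b"\x01\x02\x03\x04": "session-A"}
    payload = b"\xaa" * 16
    known = build_record(CT_TLS12_CID, 1, 7, payload, cid=b"\x01\x02\x03\x04")
    unknown = build_record(CT_TLS12_CID, 1, 7, payload, cid=b"\x09\x09\x09\x09")
    plain = build_record(CT_HANDSHAKE, 0, 0, b"\x01" + b"\x00" * 12)
    return {"known": demux(known, connections, cid_length),
            "unknown": demux(unknown, connections, cid_length),
            "plain": demux(plain, connections, cid_length)}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", "dropped" if result is None else result[0])
```

The point worth noticing for anyone wiring this into a stack is that `cid_length` comes from the handshake, not from the wire: a receiver that does not know the length it negotiated cannot even locate the length field, which is why the CID must be configured before the first encrypted record is accepted and why a draft-version peer (different content type and layout) will never match a record built to the final RFC.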

@Synss
Owner

Synss commented May 27, 2024

Mbedtls 3 support is in progress when I have time.

https://github.com/Synss/python-mbedtls/tree/mbedtls-3.x

It’s actually more work than I expected. I will most likely remove a lot of things from python-mbedtls to concentrate on TLS and DTLS only.
