Well, due to the unstable API when using system libraries, I guess the optimal solution in this case would be to add the SpongyCastle Security Provider that offers SSL/TLS and extend it with DTLS. This should increase the portability and ease of use.

On Saturday, 17 March 2012 02:58:21 UTC+1, Jeffrey Walton wrote:
>
> On Fri, Mar 16, 2012 at 8:23 PM, Brian Carlstrom <[email protected]> wrote:
> > if by "android provider" the java.security.Provider, it doesn't have DTLS
> > support. I thought the D stood for datagram, what API would you use? not
> > SSLSocket. SSLEngine? that isn't wired up to OpenSSL.
>

I didn't find any API that allows Datagram TLS yet, hence I think it will be needed to extend the current API based on TCP Socket and use a Datagram Socket.

> I'm not sure what would be used for DTLS in OpenSSL (and I'm too lazy
> to browse the sources at the moment). I still remember all the
> problems with IPSec and UDP, and I'm not looking forward to key
> exchange using fire-and-forget datagrams.
>
> Jeff
>
> On Fri, Mar 16, 2012 at 5:19 PM, Jeffrey Walton <[email protected]>
> wrote:
> >>
> >> On Fri, Mar 16, 2012 at 10:44 AM, Echelon <[email protected]> wrote:
> >> > First of all thanks for the quick reply.
> >> >
> >> > I am trying to proceed by steps:
> >> > Since by default the OpenSSL provider is included among the android
> >> > security providers, and SSL/TLS is enabled as well, I would use this
> >> > protocol before doing what suggested.
> >> The default provider might not have DTLS, and if it does, it might
> >> be defective. http://www.openssl.org/news/secadv_20120104.txt.
> >>
> >> > The problem is that I couldn't find a way to do it, using from the
> >> > android app (Java) the OpenSSL implementation of SSL/TLS, that I know
> >> > happens via a JNI call.
> >> Probably does not have DTLS support.
> >>
> >> nm -D --extern-only --defined-only <openssl library>. will let you
> >> know what the library is exporting. Pipe it through grep(1) and look
> >> for the DTLS gear.
> >>
> >> Jeff
> >>
> >> > On Friday, 16 March 2012 15:18:51 UTC+1, Jeffrey Walton wrote:
> >> >>
> >> >> > Hi,
> >> >> > I am trying to figure out how can I create a client/server
> >> >> > application using DTLS from either OpenSSL or CyaSSL, or even
> >> >> > BouncyCastle (SpongyCastle) modifying the sources but I am
> >> >> > encountering difficulties in loading the context and specifying
> >> >> > the DTLS method in a datagram socket.
> >> >> > Anyone has experience or link to guidelines?
> >> >> DTLS is in OpenSSL. Fetch the sources from HEAD, and build similar to
> >> >>
> >> >> https://github.com/fries/android-external-openssl/blob/master/README.android.
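
The `nm` check suggested in the quoted thread, written out as an added shell example (not code from any poster in the thread): it reads `nm -D --extern-only --defined-only` output and lists which DTLS entry points are missing. The required names are the OpenSSL 1.0.x `DTLSv1_*_method` symbols; the function names and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from nm output whether a libssl build exports DTLS.
# Input on stdin: output of `nm -D --extern-only --defined-only <library>`.

# Entry points needed to create a DTLS context (OpenSSL 1.0.x names; assumption).
DTLS_REQUIRED="DTLSv1_method DTLSv1_client_method DTLSv1_server_method"

# dtls_exports: print exported code symbols whose name contains "dtls".
dtls_exports() {
    # nm lines are "<address> <type> <name>"; T/W marks a defined function.
    # A "@VERSION" suffix (versioned symbols) is stripped before printing.
    awk '$2 ~ /^[TW]$/ && tolower($3) ~ /dtls/ { sub(/@.*/, "", $3); print $3 }' |
        sort -u
}

# dtls_missing: print each required entry point that the library lacks.
dtls_missing() {
    exports=$(dtls_exports)
    for sym in $DTLS_REQUIRED; do
        printf '%s\n' "$exports" | grep -qx "$sym" || printf '%s\n' "$sym"
    done
}

# Constructed nm listing for a build that includes DTLS.
sample_with_dtls() { cat <<'EOF'
0000000000031a40 T DTLSv1_client_method
0000000000031a50 T DTLSv1_method
0000000000031a60 T DTLSv1_server_method
0000000000027c10 T SSLv23_method
0000000000033e20 T dtls1_accept
EOF
}

# Constructed nm listing for a build without DTLS.
sample_without_dtls() { cat <<'EOF'
0000000000027c10 T SSLv23_method
0000000000028d40 T TLSv1_method
0000000000029100 T SSL_CTX_new
EOF
}

# With a library path as argument, check that library; empty output means
# every required DTLS entry point is exported.
if [ "$#" -gt 0 ]; then
    nm -D --extern-only --defined-only "$1" | dtls_missing
fi
```

Empty output only shows that the symbols are exported; it says nothing about whether the build carries the fix for the advisory linked in the thread.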
