On Fri, Jun 7, 2013 at 12:09 PM, Sebastien Decugis <[email protected]> wrote:
> Hello,
> I am looking at implementing DTLS over SCTP (as per RFC 6083) in my
> application, and I noticed that one of the requirements is to disable the
> anti-replay protection, as the higher layer expects reliable delivery above
> SCTP link. Could you tell me if this can be done with GNUTLS? I was not able
> to find any information in gnutls manual about this feature.

Hello,

Currently there is no way to disable anti-replay protection. Would it really matter though? If you say there are no replays over SCTP, what would this disabling buy?

> I also noticed that the retransmissions must be disabled for the handshake
> protocol, I think this can be done with gnutls_heartbeat_set_timeouts by
> setting a retrans_timeout greater than the total_timeout; can you confirm?

No. gnutls_heartbeat_set_timeouts() is relevant to heartbeat message retransmission, not the DTLS handshake. There is (again) no direct way to disable those timeouts, but you can always set a retransmission timeout that is larger than the total handshake timeout, which is equivalent to having no retransmissions. You can set that using gnutls_dtls_set_timeouts().

regards,
Nikos
