On Jan 20, 2009, at 9:58 PM, Robin Seggelmann wrote:
Hi Michael,
since there seems to be no function, option or whatever to trigger
session resumption for an established connection, I would have to
modify the API to add this functionality. This is kind of critical
because it would not only affect DTLS but also TLS which supports
session resumption, too. In my opinion neither a DTLS specific
method nor an untested generic method is a good solution.
Understood and agreed.
Regards,
Robin
On 20.01.2009 at 19:42, Michael Tüxen wrote:
Hi Robin,
what would be needed to add support for renegotiations in DTLS?
Best regards
Michael
On Jan 20, 2009, at 7:01 PM, Robin Seggelmann wrote:
Hi Michael,
unfortunately, you're wrong. You need my patches to perform
renegotiations at all, since the current implementation is broken
in this respect. Technically, the abbreviated handshake is
supported, but OpenSSL does not provide any API to initiate it
without reconnecting. The functions for session handling can be
used to save a session and reassign it before connecting to
perform an abbreviated handshake. This has no effect on an
established connection because you're saving and overwriting the
session with the same data without any further action. I already
criticized this in a mail to the list but there were no answers
besides the explanation of how to use the session functions when
reconnecting.
Regards,
Robin
On 20.01.2009 at 18:38, Michael Tüxen wrote:
Hi Giang,
I think Robin tested it, so yes it works... But you need the bugfixes
he sent to the list...
Robin: Am I right?
Best regards
Michael
On Jan 20, 2009, at 5:59 PM, Giang Nguyen wrote:
I think I will go for the hack that misuses re-negotiation as a kind of
heartbeat, keep alive or echo request. I tried to avoid this hack at
first because it is a computational burden. AFAIK re-negotiation means
restarting from scratch which means that expensive public key operations
have to be performed.
to avoid expensive full handshakes, what about using sessions?
from what I read at http://tools.ietf.org/html/rfc4347#section-3,
"To the greatest extent possible, DTLS is identical to TLS."
and from what I read at http://tools.ietf.org/html/rfc5238
section 3.4: "multiple DTLS connections can be resumed from the
same DTLS session, each running over its own DCCP connection."
so my assumption here is that DTLS supports abbreviated
handshakes for session resumptions.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org