Re: Disable TLS Renegociation ?

2024-04-24 Thread Simon Bernard
s for the IoT", too bad. Simon Le 23/04/2024 à 15:29, Sean Mullan a écrit : On 4/23/24 5:54 AM, Simon Bernard wrote: Hi, I'm implementing coaps+tcp (Coap over TLS) for LWM2M protocol. In this context, I would like to disable TLS renegotiation because : * by the past we faces

Bad exception message in SSLHandshakeException ?

2024-04-24 Thread Simon Bernard
Hi, I think that maybe I found a bad message for SSLHanshakeException in sun.security.ssl.CertificateMessage. At server side configured with *CLIENT_AUTH_REQUIRED*, I get this SSLHanshakeException when trying to connect with a client sending an empty cert chain : |Caused by: javax.net.ssl.

Disable TLS Renegociation ?

2024-04-23 Thread Simon Bernard
Hi, I'm implementing coaps+tcp (Coap over TLS) for LWM2M protocol. In this context, I would like to disable TLS renegotiation because : * by the past we faces security issue about it * it doesn't really make sense to use it  with those protocols (better to not increase the attack surface f

Re: Key Missing Feature for IoT

2024-04-09 Thread Simon Bernard
09/04/2024 à 15:07, Sean Mullan a écrit : Hi Simon, On 4/8/24 10:12 AM, Simon Bernard wrote: Hi Sean,    Thx for warning me about that.    I understand that maybe this is too soon for contributing code ? and also that finally this not so sure that you want to integrate (D)TLS feature t

Re: Key Missing Feature for IoT

2024-04-08 Thread Simon Bernard
he user going to configure the keys? Cheers, Daniel wt., 19 mar 2024 o 16:36 Simon Bernard napisał(a): Well I think AES-CCM is a decent candidate to start. OK, I will probably take time to see if this is something within my reach. (I have limited time by week to give on that and not an expert

Re: Key Missing Feature for IoT

2024-03-19 Thread Simon Bernard
re complete proposal of the API changes, together with an example of how this would look from the API consumer side, this would be a good starting point for a discussion. I know this is a lot to ask, but this is necessary to make progres on the PSK. Cheers, Daniel pt., 15 mar 2024 o 16:43 Simo

Re: Key Missing Feature for IoT

2024-03-15 Thread Simon Bernard
the user configure the list of available PSKs? Will we need an API change? If not, which of the available APIs will we use to configure the keys? Cheers, Daniel pt., 15 mar 2024 o 11:58 Simon Bernard napisał(a): Hi Daniel, Thx for quick answer. For PSK and AES, if this is added then this will be

Re: Key Missing Feature for IoT

2024-03-15 Thread Simon Bernard
makes perfect sense to add these features to the OpenJDK. They were never high enough on the priority list to get implemented. Help is welcome. Cheers, Daniel czw., 14 mar 2024 o 17:31 Simon Bernard napisał(a): Hi all, I'm the main Maintainer of Leshan. An open Source Java Implementation of

Key Missing Feature for IoT

2024-03-14 Thread Simon Bernard
Hi all, I'm the main Maintainer of *Leshan* . An open Source Java Implementation of *LWM2M * protocol. *LWM2M* is mainly based on *coap* and *coap+tcp* protocol. Security i