Re: Disable TLS Renegociation ?

2024-04-24 Thread Simon Bernard
files for the IoT", too bad. Simon On 23/04/2024 at 15:29, Sean Mullan wrote: On 4/23/24 5:54 AM, Simon Bernard wrote: Hi, I'm implementing coaps+tcp (Coap over TLS) for LWM2M protocol. In this context, I would like to disable TLS renegotiation because: * in the past we faced secu

Bad exception message in SSLHandshakeException ?

2024-04-24 Thread Simon Bernard
Hi, I think that maybe I found a bad message for SSLHandshakeException in sun.security.ssl.CertificateMessage. At server side configured with *CLIENT_AUTH_REQUIRED*, I get this SSLHandshakeException when trying to connect with a client sending an empty cert chain : |Caused by:

Disable TLS Renegociation ?

2024-04-23 Thread Simon Bernard
Hi, I'm implementing coaps+tcp (Coap over TLS) for LWM2M protocol. In this context, I would like to disable TLS renegotiation because: * in the past we faced security issues with it * it doesn't really make sense to use it with those protocols (better to not increase the attack surface

Re: Key Missing Feature for IoT

2024-04-09 Thread Simon Bernard
:07, Sean Mullan wrote: Hi Simon, On 4/8/24 10:12 AM, Simon Bernard wrote: Hi Sean, Thx for warning me about that. I understand that maybe this is too soon for contributing code ? and also that finally this not so sure that you want to integrate (D)TLS feature that I mentioned previously

Re: Key Missing Feature for IoT

2024-04-08 Thread Simon Bernard
e the keys? Cheers, Daniel Tue, 19 Mar 2024 at 16:36 Simon Bernard wrote: Well I think AES-CCM is a decent candidate to start. OK, I will probably take time to see if this is something within my reach. (I have limited time by week to give on that and not an expert on this topic, so this w

Re: Key Missing Feature for IoT

2024-03-19 Thread Simon Bernard
of the API changes, together with an example of how this would look from the API consumer side, this would be a good starting point for a discussion. I know this is a lot to ask, but this is necessary to make progress on the PSK. Cheers, Daniel Fri, 15 Mar 2024 at 16:43 Simon Bernard wrote

Re: Key Missing Feature for IoT

2024-03-15 Thread Simon Bernard
of available PSKs? Will we need an API change? If not, which of the available APIs will we use to configure the keys? Cheers, Daniel Fri, 15 Mar 2024 at 11:58 Simon Bernard wrote: Hi Daniel, Thx for quick answer. For PSK and AES, if this is added then this will be also for TLS ? (not only DTLS

Re: Key Missing Feature for IoT

2024-03-15 Thread Simon Bernard
It makes perfect sense to add these features to the OpenJDK. They were never high enough on the priority list to get implemented. Help is welcome. Cheers, Daniel Thu, 14 Mar 2024 at 17:31 Simon Bernard wrote: Hi all, I'm the main Maintainer of Leshan. An open Source Java Implementation of L

Key Missing Feature for IoT

2024-03-14 Thread Simon Bernard
Hi all, I'm the main Maintainer of *Leshan*. An open Source Java Implementation of *LWM2M* protocol. *LWM2M* is mainly based on *coap* and *coap+tcp* protocol. Security