wolfSSL - Embedded SSL Library — Don't send HelloVerifyRequest on DTLS handshake?

Re: Don't send HelloVerifyRequest on DTLS handshake?

null@example.com (kmackay) — Wed, 16 Mar 2011 00:24:04 +0000

Our application sends datagrams, some of which are unreliable and may be dropped at any time. Therefore I think we can't easily use TLS.

I'll see if I can figure out what to change to remove the HelloVerifyRequest myself... if I get it working should I submit a patch or something?

-Ken

Re: Don't send HelloVerifyRequest on DTLS handshake?

null@example.com (todd) — Tue, 15 Mar 2011 23:45:34 +0000

Not currently. It's one of the strange things about DTLS. It not only eliminates the advantage UDP has over TCP in terms of startup, it actually makes it worse. And it basically requires full TCP semantics during the handshake removing the 2nd advantage. The other advantage is broadcasting but I'm not sure if that could even work with DTLS since each client will have different keys because of the way the handshake is designed.

You may be better off using TLS but overwriting the underlying I/O like you've been doing?

Don't send HelloVerifyRequest on DTLS handshake?

null@example.com (kmackay) — Tue, 15 Mar 2011 23:31:14 +0000

The usual DTLS handshake requires 3 round trips (from RFC 4347):

Client Server

ClientHello -------->

<------- HelloVerifyRequest

ClientHello -------->

ServerHello
Certificate*
ServerKeyExchange*
CertificateRequest*
<-------- ServerHelloDone

Certificate*
ClientKeyExchange
CertificateVerify*
[ChangeCipherSpec]
Finished -------->

[ChangeCipherSpec]
<-------- Finished

However, in certain cases, it is desirable to reduce the number of round trips for connection. For example, when doing satellite communications, round trip time can be 4+ seconds. In these cases, it is nice to be able to disable the HelloVerifyRequest portion of the handshake (the first two steps), so that only 2 round trips are required.

Is there any way to do this with wolfSSL?

-Ken