Topic: DTLS over arbitrary protocols

I am interested in using wolfSSL for DTLS over arbitrary protocols (e.g. serial, Bluetooth, ..., not just UDP). Currently we do this with OpenSSL by setting up the read and write BIOs to be memory BIOs. Then when we send data, we call SSL_write() and then read the encrypted data out of the write BIO to send over whatever the protocol is; when we receive data from the remote side, we write it into the read BIO and then call SSL_read().

Is there a way to do something similar with the wolfSSL API? It seems like maybe the CBIORecv/CBIOSend function pointers could be set up in the SSL context to do what I want; is this correct?

I am also wondering if there is a way to set the MTU so that we can read/write chunks larger than 1500 bytes.


Re: DTLS over arbitrary protocols

Hi,

Yes, you can use the CBIORecv/CBIOSend function pointers to point to your own custom I/O functions (you can use the EmbedSend() and EmbedReceive() functions as templates and guides). You would then be able to hand off the data buffer to one of your other protocols from within your custom send function and bring it back to wolfSSL with your custom receive function.

Why do you want to use DTLS?

Regards,
Chris
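The approach Chris describes, as an added example that is not code from this thread or from wolfSSL's own sources: a small datagram queue that plays the role of the OpenSSL memory-BIO pair, with a receive and a send callback written to the wolfSSL custom I/O signature. The names LinkCtx, LinkRecv, LinkSend and the dq_* helpers are mine; the callback signature and the WOLFSSL_CBIO_ERR_* return codes are mirrored from wolfSSL's wolfio.h so the file compiles without the library installed (assumption: they match the version you build against). One point the memory-BIO analogy hides is that DTLS is record-per-datagram: the receive callback has to hand wolfSSL one whole datagram per call, never a slice of a byte stream, and an oversized datagram is dropped rather than truncated, since a truncated record would fail authentication anyway and DTLS tolerates loss.

```c
/* Added example (not from the thread or wolfSSL's sources): a datagram queue that
 * plays the role of OpenSSL's memory-BIO pair for wolfSSL DTLS custom I/O.
 * Unlike a byte-stream BIO it keeps datagram boundaries: wolfSSL's DTLS layer
 * expects each receive callback call to return one whole datagram. */
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Stand-alone build. With wolfSSL present, delete this block and
 * #include <wolfssl/ssl.h>; the typedef and codes are mirrored from its wolfio.h
 * (assumption: they match the installed version). */
typedef struct WOLFSSL WOLFSSL;
#define WOLFSSL_CBIO_ERR_GENERAL    (-1)
#define WOLFSSL_CBIO_ERR_WANT_READ  (-2)
#define WOLFSSL_CBIO_ERR_WANT_WRITE (-3)

#define MAX_DGRAM 4096  /* must be >= the MAX_MTU / MAX_UDP_SIZE wolfSSL is built with */
#define MAX_QUEUE 4

typedef struct { uint8_t data[MAX_DGRAM]; int len; } Datagram;
typedef struct { Datagram q[MAX_QUEUE]; int head, count; } DgramQueue;

/* rx: datagrams that arrived from the link and wait for wolfSSL_read();
 * tx: DTLS records wolfSSL produced that wait to be put onto the link. */
typedef struct { DgramQueue rx, tx; } LinkCtx;

/* Append one datagram. Returns 0, or -1 if the queue is full or len is out of range. */
static int dq_push(DgramQueue* dq, const void* buf, int len) {
    if (len <= 0 || len > MAX_DGRAM || dq->count == MAX_QUEUE) return -1;
    Datagram* d = &dq->q[(dq->head + dq->count) % MAX_QUEUE];
    memcpy(d->data, buf, (size_t)len);
    d->len = len;
    dq->count++;
    return 0;
}

/* Remove the oldest datagram. Returns its length, 0 if the queue is empty, or -1
 * if the caller's buffer cannot hold all of it (it is discarded, never truncated). */
static int dq_pop(DgramQueue* dq, void* buf, int cap) {
    if (dq->count == 0) return 0;
    Datagram* d = &dq->q[dq->head];
    int len = d->len;
    dq->head = (dq->head + 1) % MAX_QUEUE;
    dq->count--;
    if (len > cap) return -1;
    memcpy(buf, d->data, (size_t)len);
    return len;
}

/* CBIORecv: wolfSSL asks for up to sz bytes; give it exactly one datagram. */
int LinkRecv(WOLFSSL* ssl, char* buf, int sz, void* ctx) {
    (void)ssl;
    LinkCtx* link = (LinkCtx*)ctx;
    int n = dq_pop(&link->rx, buf, sz);
    if (n <= 0)                       /* nothing queued, or datagram too big for wolfSSL's
                                         buffer: treat as lost, wolfSSL will retransmit */
        return WOLFSSL_CBIO_ERR_WANT_READ;
    return n;
}

/* CBIOSend: wolfSSL hands us one complete DTLS record; queue it for the link. */
int LinkSend(WOLFSSL* ssl, char* buf, int sz, void* ctx) {
    (void)ssl;
    LinkCtx* link = (LinkCtx*)ctx;
    if (sz > MAX_DGRAM) return WOLFSSL_CBIO_ERR_GENERAL;      /* exceeds link MTU */
    if (dq_push(&link->tx, buf, sz) != 0) return WOLFSSL_CBIO_ERR_WANT_WRITE;
    return sz;
}

/* Wiring against a real WOLFSSL_CTX / WOLFSSL (needs <wolfssl/ssl.h>):
 *   wolfSSL_CTX_SetIORecv(ctx, LinkRecv);  wolfSSL_CTX_SetIOSend(ctx, LinkSend);
 *   wolfSSL_SetIOReadCtx(ssl, &link);      wolfSSL_SetIOWriteCtx(ssl, &link);
 * Send path:    wolfSSL_write() -> LinkSend -> dq_pop(&link.tx) -> serial/Bluetooth.
 * Receive path: serial/Bluetooth -> dq_push(&link.rx) -> wolfSSL_read() -> LinkRecv. */

int main(void) {
    static LinkCtx link;              /* zero-initialised: both queues empty */
    char buf[MAX_DGRAM];
    int n;

    /* Constructed stand-ins for the records wolfSSL would pass to the callbacks. */
    n = LinkSend(NULL, (char*)"record-1", 8, &link);
    printf("send accepted %d bytes\n", n);
    n = dq_pop(&link.tx, buf, sizeof buf);        /* link layer drains it */
    printf("link transmits a %d-byte datagram\n", n);

    dq_push(&link.rx, "reply-a", 7);              /* two datagrams arrive from the link */
    dq_push(&link.rx, "reply-b", 7);
    while ((n = LinkRecv(NULL, buf, sizeof buf, &link)) > 0)
        printf("recv returned one datagram of %d bytes: %.*s\n", n, n, buf);
    printf("queue empty -> %d (WANT_READ)\n", n);
    return 0;
}
```

Returning WOLFSSL_CBIO_ERR_WANT_READ when the queue is empty lets the application call wolfSSL_read() in non-blocking style whenever the link delivers something; the handshake's own retransmission timer covers datagrams the link dropped. The MAX_DGRAM capacity has to agree with the MTU wolfSSL was built with (the compile-time defines discussed later in this thread), otherwise records larger than the queue slot are refused by LinkSend.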

Re: DTLS over arbitrary protocols

OK, thanks. I will give it a try. We have also tried Mocana (http://www.mocana.com/nanodtls.html) but it looks like wolfSSL embedded SSL could be better in many respects.

The reason we use DTLS is that we have a datagram-oriented system which works over many different protocols. We support both reliable and unreliable data, so one requirement is that data can be dropped. It seemed to me that DTLS was a better fit for these requirements than TLS.

On a separate note, I noticed that there are some defines and stub files for ECC, but the implementation is not present. Is there a separate download for the ECC implementation, or is that planned for the future?

-Ken


Re: DTLS over arbitrary protocols

Ken,

Glad to hear you're happy with wolfSSL! You're correct, DTLS sounds like it would be the best option to me as well.

If you update to the latest version of wolfSSL from GitHub (https://github.com/wolfSSL/wolfssl), you can adjust the MTU size by altering MAX_MTU in internal.h. As for the ECC stuff, it's currently undetermined when the official release will be.

- Chris

Re: DTLS over arbitrary protocols

OK, I got it to work. I had to change MAX_UDP_SIZE in addition to MAX_MTU.

-Ken


Re: DTLS over arbitrary protocols

Good to hear. We'll add that to our documentation.

- Chris