wolfSSL DTLS Bandwidth Optimization

wolfSSL provides a robust and secure DTLS 1.2 implementation. During the handshake process, wolfSSL will re-send its previous flight of messages in the following circumstances:

  1. a network timeout has occurred waiting on data to arrive for processing
  2. the last message of the peer’s current flight has been received out of order
  3. a duplicate of the first message of the peer’s current flight has been received

These steps aim to provide a fast and reliable connection process. Unfortunately, the latter two cases may cause wolfSSL to use up more bandwidth than would be necessary for the handshake. If network bandwidth is at a premium for you and you are less worried about latency, then wolfSSL 4.7.0 has introduced a new macro: WOLFSSL_DTLS_RESEND_ONLY_TIMEOUT.

Compile wolfSSL with this macro, either by adding it to your configure command (for example ./configure --enable-dtls CPPFLAGS=-DWOLFSSL_DTLS_RESEND_ONLY_TIMEOUT) or by defining it in your user_settings.h header file. This macro instructs wolfSSL to re-send its last flight of messages only on a network timeout. In practice, wolfSSL will wait longer before re-sending handshake messages, so that re-ordered messages get a chance to be processed and duplicate messages don’t trigger re-sends.
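To make the bandwidth trade-off concrete, here is a small added model of the two retransmission policies described above. It is constructed for this page and is not wolfSSL source: the event names, the sample event trace and the assumed flight size of 1400 bytes are all invented for the example. It counts how many bytes are spent re-sending our last flight over one noisy handshake round under the default rules (re-send on timeout, on an out-of-order last message, or on a duplicate first message) and under the timeout-only rule that WOLFSSL_DTLS_RESEND_ONLY_TIMEOUT selects.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of the two retransmission policies described above.
 * Illustrative code, not wolfSSL source: the event names and the byte
 * accounting are assumptions made for this example. */

typedef enum {
    EV_IN_ORDER_MSG,          /* expected next message of the peer's flight */
    EV_LAST_MSG_OUT_OF_ORDER, /* last message of the peer's flight arrived early */
    EV_DUP_FIRST_MSG,         /* duplicate of the first message of the peer's flight */
    EV_TIMEOUT                /* no data arrived before the retransmit timer expired */
} dtls_event_t;

/* Returns 1 if our previous flight is re-sent in response to this event.
 * With resend_only_timeout set (the WOLFSSL_DTLS_RESEND_ONLY_TIMEOUT
 * behaviour), only EV_TIMEOUT triggers a re-send. */
int should_resend(dtls_event_t ev, int resend_only_timeout)
{
    switch (ev) {
    case EV_TIMEOUT:
        return 1;
    case EV_LAST_MSG_OUT_OF_ORDER:
    case EV_DUP_FIRST_MSG:
        return resend_only_timeout ? 0 : 1;
    default:
        return 0;
    }
}

/* Total bytes spent re-sending our last flight over an event trace.
 * flight_bytes is the assumed on-the-wire size of that flight. */
size_t resend_bytes(const dtls_event_t *trace, size_t n,
                    size_t flight_bytes, int resend_only_timeout)
{
    size_t total = 0;
    for (size_t i = 0; i < n; i++) {
        if (should_resend(trace[i], resend_only_timeout))
            total += flight_bytes;
    }
    return total;
}

/* Constructed trace: a lossy, reordering network during one handshake round. */
static const dtls_event_t sample_trace[] = {
    EV_IN_ORDER_MSG,
    EV_DUP_FIRST_MSG,          /* peer re-sent its first message */
    EV_LAST_MSG_OUT_OF_ORDER,  /* peer's last message overtook the middle ones */
    EV_IN_ORDER_MSG,
    EV_TIMEOUT,                /* genuine loss: nothing arrived in time */
    EV_IN_ORDER_MSG
};
#define SAMPLE_TRACE_LEN (sizeof(sample_trace) / sizeof(sample_trace[0]))
#define SAMPLE_FLIGHT_BYTES 1400  /* assumed: one MTU-sized flight */

/* Bytes re-sent under the default policy for the sample trace. */
size_t default_policy_bytes(void)
{
    return resend_bytes(sample_trace, SAMPLE_TRACE_LEN, SAMPLE_FLIGHT_BYTES, 0);
}

/* Bytes re-sent when only a timeout triggers retransmission. */
size_t timeout_only_policy_bytes(void)
{
    return resend_bytes(sample_trace, SAMPLE_TRACE_LEN, SAMPLE_FLIGHT_BYTES, 1);
}

int main(void)
{
    printf("default policy:      %zu bytes re-sent\n", default_policy_bytes());
    printf("resend-only-timeout: %zu bytes re-sent\n", timeout_only_policy_bytes());
    return 0;
}
```

On the sample trace the default policy re-sends the flight three times (duplicate first message, out-of-order last message, timeout) while the timeout-only policy re-sends it once; the cost of the saving is that the two non-timeout events now wait for the retransmit timer, which is the added latency the text mentions.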

If you are interested in using the new features available in wolfSSL 4.7.0, please contact us at facts@wolfssl.com.