PROBLEM WITH DTLS VERSION 1.2 SERVER SIDE IMPLEMENTATION


Zarkar, Nilesh (Contractor)
Hello,

Can anybody help me: does the latest Bouncy Castle version, 1.60, support a DTLS 1.2 server-side implementation?

https://www.bouncycastle.org/releasenotes.html
Referring to the comment in the above link:
"Client side support and some server side support has been added for TLS/DTLS 1.2."
Is Bouncy Castle 1.6 (Java) fully compliant with a server-side DTLS implementation for version 1.2?

I am using libjitsi (which uses Bouncy Castle version 1.54) and would like to bring to your notice the following comment in one of the libjitsi classes, TlsServerImpl:

    /**
     * {@inheritDoc}
     *
     * The implementation of <tt>TlsServerImpl</tt> always returns
     * <tt>ProtocolVersion.DTLSv10</tt> because <tt>ProtocolVersion.DTLSv12</tt>
     * does not work with the Bouncy Castle Crypto APIs at the time of this
     * writing.
     */
    @Override
    protected ProtocolVersion getMaximumVersion()
    {
        return ProtocolVersion.DTLSv10;
    }

Basically, when I get a Client Hello from the DTLS client with DTLS version 1.2, the DTLS server sends a Server Hello with DTLS version 1.0, and the client responds with "Fatal error: Protocol Version".

Thanks,
Nilesh


Re: PROBLEM WITH DTLS VERSION 1.2 SERVER SIDE IMPLEMENTATION

Tim Panton

> On 19 Oct 2018, at 13:09, Zarkar, Nilesh (Contractor) <[hidden email]> wrote:
>
> Hello,
>
> Can anybody help me: does the latest Bouncy Castle version, 1.60, support a DTLS 1.2 server-side implementation?
>
> https://www.bouncycastle.org/releasenotes.html
> Referring to the comment in the above link:
> "Client side support and some server side support has been added for TLS/DTLS 1.2."
> Is Bouncy Castle 1.6 (Java) fully compliant with a server-side DTLS implementation for version 1.2?
>
> I am using libjitsi (which uses Bouncy Castle version 1.54) and would like to bring to your notice the following comment in one of the libjitsi classes, TlsServerImpl:
>
>     /**
>      * {@inheritDoc}
>      *
>      * The implementation of <tt>TlsServerImpl</tt> always returns
>      * <tt>ProtocolVersion.DTLSv10</tt> because <tt>ProtocolVersion.DTLSv12</tt>
>      * does not work with the Bouncy Castle Crypto APIs at the time of this
>      * writing.
>      */
>     @Override
>     protected ProtocolVersion getMaximumVersion()
>     {
>         return ProtocolVersion.DTLSv10;
>     }
>
> Basically, when I get a Client Hello from the DTLS client with DTLS version 1.2, the DTLS server sends a Server Hello with DTLS version 1.0, and the client responds with "Fatal error: Protocol Version".

That seems entirely consistent with a _maximum_ version of 1.0 :-)

I can confirm that 1.60 works OK to serve DTLS 1.2 against WebRTC clients (which is what I assume you want).
However, I've only tested the _new_ org.bouncycastle.tls.* API, not the old deprecated one I think Jitsi is using.

T.

>
> Thanks,
> Nilesh
>
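The negotiation the thread describes (the server caps the ServerHello version at its own maximum, and a client that requires 1.2 then aborts with a protocol_version alert), as an added example that is not part of this thread, of Bouncy Castle or of libjitsi: a small Python model of DTLS version selection. The wire encodings (DTLS 1.0 = 0xFEFF, DTLS 1.2 = 0xFEFD, per RFC 6347) are real; the client floor of DTLS 1.2 and the server/client policy functions are assumptions made for the example.

```python
# Model of DTLS version negotiation (RFC 6347 section 4.2.1). The server
# picks min(client_version, server_max); the client rejects a ServerHello
# version it never offered or that is below its own floor. Wire encodings are
# real; the policies below are constructed for this example, not BC's code.
from dataclasses import dataclass


@dataclass(frozen=True)
class ProtocolVersion:
    major: int
    minor: int
    name: str

    def is_dtls(self) -> bool:
        return self.major == 0xFE

    def is_later_than(self, other: "ProtocolVersion") -> bool:
        # DTLS encodes versions as the one's complement of TLS versions, so a
        # *newer* DTLS version has *smaller* bytes (0xFEFD < 0xFEFF). Comparing
        # raw bytes the TLS way is the classic mistake this method avoids.
        assert self.is_dtls() == other.is_dtls()
        if self.is_dtls():
            return (self.major, self.minor) < (other.major, other.minor)
        return (self.major, self.minor) > (other.major, other.minor)


DTLSv10 = ProtocolVersion(0xFE, 0xFF, "DTLSv10")
DTLSv12 = ProtocolVersion(0xFE, 0xFD, "DTLSv12")


def server_select(client_version, server_min, server_max):
    """ServerHello version, or None if the client offers less than we accept."""
    chosen = server_max if client_version.is_later_than(server_max) else client_version
    return None if server_min.is_later_than(chosen) else chosen


def client_check(offered, server_version, client_min):
    """'ok' or the alert a client raises on the ServerHello version."""
    if server_version.is_later_than(offered):
        return "protocol_version"  # server chose something we never offered
    if client_min.is_later_than(server_version):
        return "protocol_version"  # below the client's floor (assumed 1.2 here)
    return "ok"


def handshake(server_max, client_min=DTLSv12, client_offer=DTLSv12, server_min=DTLSv10):
    """Returns (ServerHello version name, client verdict) for one negotiation."""
    sv = server_select(client_offer, server_min, server_max)
    if sv is None:
        return ("server_alert", "protocol_version")
    return (sv.name, client_check(client_offer, sv, client_min))


if __name__ == "__main__":
    print(handshake(DTLSv10))  # ('DTLSv10', 'protocol_version'): the libjitsi case
    print(handshake(DTLSv12))  # ('DTLSv12', 'ok'): maximum raised to 1.2
```

Raising getMaximumVersion to DTLSv12 is the only change the model needs to move from the first outcome to the second; the server's minimum can stay at 1.0 for older clients.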