[gnutls-help] Disable anti-replay protection in DTLS ?
Nikos Mavrogiannopoulos
nmav at gnutls.org
Fri Jun 7 14:37:35 CEST 2013
On Fri, Jun 7, 2013 at 12:09 PM, Sebastien Decugis
<sdecugis at freediameter.net> wrote:
> Hello,
> I am looking at implementing DTLS over SCTP (as per RFC 6083) in my application, and I noticed that one of the requirements is to disable the anti-replay protection, as the higher layer expects reliable delivery above the SCTP link. Could you tell me if this can be done with GNUTLS? I was not able to find any information in the gnutls manual about this feature.
Hello,
Currently there is no way to disable anti-replay protection. Would it
really matter though? If you say there are no replays over SCTP what
would this disabling buy?
> I also noticed that the retransmissions must be disabled for the handshake protocol. I think this can be done with gnutls_heartbeat_set_timeouts by setting a retrans_timeout greater than the total_timeout; can you confirm?
No. gnutls_heartbeat_set_timeouts() is relevant to heartbeat message
retransmission, not the DTLS handshake. There is (again) no direct way
to disable those timeouts, but you can always set a retransmission
timeout that is larger than the total handshake timeout, which is
equivalent to having no retransmissions. You can set that using
gnutls_dtls_set_timeouts().
regards,
Nikos
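The reply above says that a retransmission timeout larger than the total handshake timeout is equivalent to having no retransmissions. The following C program is an added illustration of why that is true; it is not part of the original thread and not GnuTLS code. It models a DTLS handshake retransmission timer in the style of RFC 6347 section 4.2.4.1 (an initial timeout that doubles after each retransmission, bounded by a total handshake timeout) and lists the instants at which a lost flight would be resent. The 1000/60000 ms pair used as the "normal" configuration is an assumed typical setting, not a value taken from the post; the GnuTLS call that sets the two values is gnutls_dtls_set_timeouts(session, retrans_timeout, total_timeout), both in milliseconds.

```c
/* Added example (not GnuTLS code): model of a DTLS handshake
 * retransmission timer.  A flight is sent at t=0; if no reply arrives it
 * is resent after retrans_timeout ms, then the delay doubles after every
 * resend, and the whole handshake is abandoned once total_timeout ms have
 * elapsed.  In GnuTLS the two values are configured with
 *   gnutls_dtls_set_timeouts(session, retrans_timeout, total_timeout);
 * (milliseconds).  The exact backoff inside GnuTLS is not asserted here;
 * the point is the relation between the two timeouts. */
#include <stdio.h>

#define MAX_RETRANS 32

/* Fill at_ms[] with the times (ms since the flight was first sent) at
 * which retransmissions would fire, assuming the peer never answers.
 * Returns the number of retransmissions that happen before the total
 * handshake timeout expires. */
static int retransmission_schedule(unsigned retrans_timeout,
                                   unsigned total_timeout,
                                   unsigned at_ms[MAX_RETRANS])
{
    unsigned long long t = 0;                /* elapsed time in ms     */
    unsigned long long delay = retrans_timeout;
    int n = 0;

    if (retrans_timeout == 0)                /* guard: never busy-loop */
        return 0;

    while (n < MAX_RETRANS) {
        t += delay;
        if (t >= total_timeout)              /* total budget hit first */
            break;                           /* -> handshake times out */
        at_ms[n++] = (unsigned)t;
        delay *= 2;                          /* exponential backoff    */
    }
    return n;
}

/* Time of the idx-th retransmission (0-based), or 0 if it never fires. */
static unsigned nth_retransmission_ms(unsigned retrans_timeout,
                                      unsigned total_timeout, int idx)
{
    unsigned at[MAX_RETRANS];
    int n = retransmission_schedule(retrans_timeout, total_timeout, at);
    return (idx >= 0 && idx < n) ? at[idx] : 0;
}

/* 1 if this (retrans, total) pair never retransmits, i.e. the setting
 * the reply recommends for DTLS over SCTP (RFC 6083). */
static int disables_retransmission(unsigned retrans_timeout,
                                   unsigned total_timeout)
{
    unsigned at[MAX_RETRANS];
    return retransmission_schedule(retrans_timeout, total_timeout, at) == 0;
}

int main(void)
{
    unsigned at[MAX_RETRANS];
    int n, i;

    /* Assumed typical configuration: 1 s initial, 60 s total. */
    n = retransmission_schedule(1000, 60000, at);
    printf("1000/60000 ms: %d retransmissions at", n);
    for (i = 0; i < n; i++)
        printf(" %u", at[i]);
    printf(" ms, then the handshake fails\n");

    /* retrans_timeout > total_timeout: the first resend would be due
     * only after the handshake has already been declared timed out. */
    n = retransmission_schedule(60001, 60000, at);
    printf("60001/60000 ms: %d retransmissions (SCTP delivers reliably, "
           "so none are needed)\n", n);
    return 0;
}
```

The second configuration is the one to pass to gnutls_dtls_set_timeouts() for RFC 6083: the handshake still fails with a timeout if a flight is genuinely lost, but since SCTP already retransmits, the only way that happens is a dead peer, which is the intended behaviour.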