[gnutls-help] Disable anti-replay protection in DTLS ?

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri Jun 7 14:37:35 CEST 2013

On Fri, Jun 7, 2013 at 12:09 PM, Sebastien Decugis
<sdecugis at freediameter.net> wrote:
> Hello,
> I am looking at implementing DTLS over SCTP (as per RFC 6083) in my application, and I noticed that one of the requirements is to disable the anti-replay protection, as the higher layer expects reliable delivery above SCTP link. Could you tell me if this can be done with GNUTLS ? I was not able to find any information in gnutls manual about this feature.

 Currently there is no way to disable anti-replay protection. Would it
really matter though? If you say there are no replays over SCTP what
would this disabling buy?

> I also noticed that the retransmissions must be disabled for the handshake protocol, I think this can be done with gnutls_heartbeat_set_timeouts by setting a retrains_timeout greater than the total_timeout; can you confirm?

No. gnutls_heartbeat_set_timeouts() is relevant to heartbeat message
retransmission, not the DTLS handshake. There is (again) no direct way
to disable those timeouts, but you can always set a retransmission
timeout that is larger than the total handshake timeout, which is
equivalent to having no retransmissions. You can set that using


More information about the Gnutls-help mailing list