<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hi,</p>
<p>I would like to know if it is possible to make GnuTLS work as
a DTLS client and server on the same address/port? (using PSK, RPK
and X509)</p>
<p>Maybe this sounds a bit strange and I will give some context to
understand.</p>
<p>I’m working on <a
href="http://openmobilealliance.org/release/LightweightM2M/V1_0_2-20180209-A/OMA-TS-LightweightM2M-V1_0_2-20180209-A.pdf"
rel="nofollow noopener">LWM2M protocol</a> which is based on <a
href="https://tools.ietf.org/html/rfc7252"
rel="nofollow noopener">CoAP</a> and DTLS. LWM2M supports PSK, RPK and X509.</p>
<p>I’m currently searching <a
href="https://github.com/OpenMobileAlliance/OMA_LwM2M_for_Developers/issues/410"
rel="nofollow noopener">how to handle server failover in “server
initiated mode”</a>.</p>
<p>Here is a brief explanation of how it works.</p>
<ol>
<li>The device has a static/fixed IP address/port.</li>
<li>The device establishes DTLS connection.</li>
<li>The device registers to the server (server has also a
static/fixed IP address/port)</li>
<li>Later, server sends request to a registered client.</li>
</ol>
<p>If the server still has a DTLS connection to the device there is
no issue!<br>
Now imagine the DTLS connection is lost (e.g. crash/reboot), we
still know the device address (registration is persisted) but we
don’t have any DTLS connection to it.</p>
<p>So a solution could be to make the LWM2M server act as a DTLS
client and so the LWM2M device should act as a DTLS server.</p>
<p>Just to let you know, the Java <a
href="https://github.com/eclipse/californium/"
rel="nofollow noopener">scandium</a> library from
californium can act like this.</p>
<p>Here is a Wireshark capture done using scandium at device (port
36038) and server (port 5684) side. (using PSK)</p>
<pre><code class="hljs css">No. Time Source Destination SrcPort DesPort Protocol Length Info
1 0.000000000 127.0.0.1 127.0.0.1 36038 5684 DTLSv1.2 133 Client Hello
2 0.000359644 127.0.0.1 127.0.0.1 5684 36038 DTLSv1.2 102 Hello Verify Request
3 0.005001722 127.0.0.1 127.0.0.1 36038 5684 DTLSv1.2 165 Client Hello
4 0.005626495 127.0.0.1 127.0.0.1 5684 36038 DTLSv1.2 162 Server Hello, Server Hello Done
5 0.042162424 127.0.0.1 127.0.0.1 36038 5684 DTLSv1.2 147 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
6 0.061195906 127.0.0.1 127.0.0.1 5684 36038 DTLSv1.2 109 Change Cipher Spec, Encrypted Handshake Message
7 0.062815631 127.0.0.1 127.0.0.1 36038 5684 DTLSv1.2 179 Application Data (LWM2M REGISTER request from device)
8 0.081334961 127.0.0.1 127.0.0.1 5684 36038 DTLSv1.2 97 Application Data (LWM2M REGISTER response from server)
9 8.483287786 127.0.0.1 127.0.0.1 5684 36038 DTLSv1.2 90 Application Data (LWM2M READ request from server)
10 8.496936449 127.0.0.1 127.0.0.1 36038 5684 DTLSv1.2 213 Application Data (LWM2M READ response from client)
### LWM2M Server (5684) Reboot and so lost its DTLS connection to LWM2M device (36038), ...
### ... LWM2M Server will establish a new connection and so act as a DTLS client.
11 24.079310967 127.0.0.1 127.0.0.1 5684 36038 DTLSv1.2 151 Client Hello
12 24.080362291 127.0.0.1 127.0.0.1 36038 5684 DTLSv1.2 102 Hello Verify Request
13 24.083452354 127.0.0.1 127.0.0.1 5684 36038 DTLSv1.2 183 Client Hello
14 24.085327257 127.0.0.1 127.0.0.1 36038 5684 DTLSv1.2 162 Server Hello, Server Hello Done
15 24.110637371 127.0.0.1 127.0.0.1 5684 36038 DTLSv1.2 147 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
16 24.111419901 127.0.0.1 127.0.0.1 36038 5684 DTLSv1.2 109 Change Cipher Spec, Encrypted Handshake Message
17 24.113519322 127.0.0.1 127.0.0.1 5684 36038 DTLSv1.2 92 Application Data (LWM2M READ request from server)
18 24.114368265 127.0.0.1 127.0.0.1 36038 5684 DTLSv1.2 108 Application Data (LWM2M READ response from client)
</code></pre>
<p>Is the mailing list the right way to ask this question? Or should I
ask this kind of question on <a
href="https://gitlab.com/gnutls/gnutls">gitlab</a>?<br>
</p>
<p>Simon </p>
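<p>Added example, not part of the original message and not GnuTLS or scandium code: an endpoint that plays both DTLS roles on one UDP port has to decide, per datagram, whether the peer is opening a new handshake towards it (packet 11 in the capture) or continuing an existing session. The sketch below makes that decision from the DTLS 1.0/1.2 record header alone; the names <code>classify_datagram</code>, <code>make_record</code> and the <code>ROUTE_*</code> values are hypothetical, and the sample records are constructed.</p>

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example: where to route a datagram that arrives on the one UDP port. */
enum dtls_route {
    ROUTE_DROP,             /* not a plausible DTLS 1.0/1.2 record */
    ROUTE_SERVER_HANDSHAKE, /* epoch-0 ClientHello: peer asks us to be DTLS server */
    ROUTE_SESSION           /* belongs to state already held for this peer */
};

#define REC_HDR 13 /* type(1) version(2) epoch(2) sequence(6) length(2) */
#define HS_HDR  12 /* msg_type(1) length(3) msg_seq(2) frag_off(3) frag_len(3) */

/* have_session: non-zero if a session or in-progress handshake exists for
 * the sender's address/port (assumed to be tracked by the caller). */
enum dtls_route classify_datagram(const uint8_t *buf, size_t len, int have_session)
{
    if (buf == NULL || len < REC_HDR)
        return ROUTE_DROP;
    if (buf[0] < 20 || buf[0] > 23 || buf[1] != 0xFE) /* content type, DTLS major */
        return ROUTE_DROP;
    unsigned epoch = ((unsigned)buf[3] << 8) | buf[4];
    size_t rec_len = ((size_t)buf[11] << 8) | buf[12];
    if (rec_len > len - REC_HDR)                      /* length field overruns datagram */
        return ROUTE_DROP;
    /* Packet 11 of the capture: a fresh ClientHello from a known peer. Start a
     * server-side handshake, but keep the old session until the new handshake
     * completes (RFC 6347, section 4.2.8), since the source may be spoofed. */
    if (buf[0] == 22 && epoch == 0 && rec_len >= HS_HDR && buf[REC_HDR] == 1)
        return ROUTE_SERVER_HANDSHAKE;
    return have_session ? ROUTE_SESSION : ROUTE_DROP;
}

/* Constructed sample record (not bytes from the capture): header plus zero body. */
size_t make_record(uint8_t *out, uint8_t type, unsigned epoch, uint8_t hs_type)
{
    memset(out, 0, REC_HDR + HS_HDR);
    out[0] = type; out[1] = 0xFE; out[2] = 0xFD;      /* DTLS 1.2 on the wire */
    out[3] = (uint8_t)(epoch >> 8); out[4] = (uint8_t)epoch;
    out[12] = HS_HDR;                                 /* record length = 12 */
    out[REC_HDR] = hs_type;                           /* first handshake byte */
    return REC_HDR + HS_HDR;
}
```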
</body>
</html>