[erlang-questions] DTLS Status and examples?

Andreas Schultz aschultz@REDACTED
Wed May 7 18:38:25 CEST 2014


Hi,

----- Original Message -----
> 
> Hi!
> 
> 2014-05-05 20:59 GMT+02:00 Myers Carpenter < myers@REDACTED > :
> 
> 
> 
> Hello,
> 
> I'm attempting to connect the data channel in webrtc to Erlang. You can read
> about my project here https://github.com/myers/exwebrtc .
> 
> I'm trying to understand where the DTLS code in Erlang is currently and where
> I might be able to pitch in.
> 
> 
> DTLS is not yet runnable, as there is not yet a red thread through the code.
> dtls_connection.erl is the most incomplete module. It is the module that
> implements the finite state machine of the DTLS handshake; it corresponds to
> tls_connection.erl. In general tls_* implements TLS specific parts,
> dtls_* DTLS specific parts and ssl_* common parts.

Looking at dtls_connection.erl, it seems to me that it replicates too much functionality
from tls_connection.erl.

At the pure TLS FSM level, DTLS and TLS are almost identical. The only real difference
here is the HELLO VERIFY request.

The main difference is at the transport level. DTLS adds fragmentation and re-transmits
for handshake records and an explicit record sequence number for encryption/decryption.

To me it looks like the current dtls_* modules duplicate lots of the SSL record level
FSM functions, when they IMHO should only abstract the differences in the transport
level mapping.

> You could always do a test suite for DTLS that corresponds to
> ssl_to_openssl_SUITE.erl in the test directory. Once you have a test suite
> it is easier to try to fill in the gaps in dtls_* .

The pure connection oriented tests can be converted with very little effort. The tests
that manually open a TCP connection are a bit harder. The real challenge will be to
come up with exhaustive tests for packet loss, reordering and duplication.

Andreas
> 
> I'm attempting to start a DTLS server and then connect to it via "openssl
> s_client"
> 
> Here's the code so far
> 
> -module(dtls_server).
> -export([start/0]).
> 
> %% Start the ssl application and open a DTLS listener on UDP port 4499,
> %% to be contacted with "openssl s_client".
> start() ->
>     ssl:start(),
>     {ok, _Socket} = dtls:listen(4499, [
>         {mode, binary},
>         {reuseaddr, true},
>         {certfile, "server.cert"},
>         {keyfile, "server.pkey"},
>         {active, true},
>         {ciphers, [{ecdhe_rsa, aes_128_cbc, sha}]}
>     ]).
> 
> Looks like something that should work when all pieces are in place.
> 
> Regards, Ingela
> Erlang/OTP team - Ericsson AB
> 
> 
> 
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
> 

-- 
Dipl. Inform.
Andreas Schultz

email: as@REDACTED
phone: +49-391-819099-224
mobil: +49-170-2226073

------------------- enabling your networks -------------------

Travelping GmbH               phone:         +49-391-819099229
Roentgenstr. 13               fax:           +49-391-819099299
D-39108 Magdeburg             email:       info@REDACTED
GERMANY                       web:   http://www.travelping.com

Company Registration: Amtsgericht Stendal Reg No.:   HRB 10578
Geschaeftsfuehrer: Holger Winkelmann | VAT ID No.: DE236673780
--------------------------------------------------------------
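Added illustration for the transport-level differences discussed above (fragmentation, re-transmits, and the loss/reordering/duplication cases a DTLS test suite has to cover). This is not code from OTP's ssl application or from the exwebrtc project; it is a stand-alone Erlang module written for this thread. It assumes only the DTLS handshake header layout from RFC 6347 section 4.2.2 (msg_type, 24-bit length, 16-bit message_seq, 24-bit fragment_offset, 24-bit fragment_length); the module name dtls_reassembly, the function names, and the constructed message bodies in selftest/0 are all ours.

```erlang
%% dtls_reassembly.erl -- added example for this thread, not OTP code.
%% Handshake header as in RFC 6347 section 4.2.2:
%%   msg_type:8, length:24, message_seq:16, fragment_offset:24, fragment_length:24
-module(dtls_reassembly).
-export([fragment/4, parse/1, reassemble/2, selftest/0]).

%% Split one handshake body into fragments of at most MaxFrag body bytes.
%% A zero-length message (e.g. ServerHelloDone) still needs one fragment.
fragment(Type, Seq, <<>>, _MaxFrag) ->
    [<<Type:8, 0:24, Seq:16, 0:24, 0:24>>];
fragment(Type, Seq, Body, MaxFrag) when MaxFrag > 0 ->
    fragment(Type, Seq, byte_size(Body), Body, 0, MaxFrag, []).

fragment(_Type, _Seq, _Len, <<>>, _Off, _Max, Acc) ->
    lists:reverse(Acc);
fragment(Type, Seq, Len, Body, Off, Max, Acc) ->
    N = min(Max, byte_size(Body)),
    <<Chunk:N/binary, Rest/binary>> = Body,
    Frag = <<Type:8, Len:24, Seq:16, Off:24, N:24, Chunk/binary>>,
    fragment(Type, Seq, Len, Rest, Off + N, Max, [Frag | Acc]).

%% Parse one handshake fragment off the front of a record payload.  A header
%% whose offset+length runs past the declared message length, or a payload
%% shorter than it claims, is rejected before any byte is copied.
parse(<<Type:8, Len:24, Seq:16, Off:24, FLen:24, Rest/binary>>)
  when Off + FLen =< Len, byte_size(Rest) >= FLen ->
    <<Data:FLen/binary, Tail/binary>> = Rest,
    {ok, #{type => Type, len => Len, seq => Seq, off => Off, data => Data}, Tail};
parse(<<_:8, Len:24, _:16, Off:24, FLen:24, _/binary>>) when Off + FLen > Len ->
    {error, fragment_exceeds_message};
parse(_) ->
    {error, truncated}.

%% Reassemble the message with message_seq Seq from wire fragments that may be
%% reordered, duplicated, split differently on retransmit, overlapping, or
%% interleaved with fragments of other handshake messages.
reassemble(Seq, Wire) ->
    case parse_all(Wire, []) of
        {error, _} = E ->
            E;
        {ok, Frags} ->
            case [F || F <- Frags, maps:get(seq, F) =:= Seq] of
                [] ->
                    {error, no_fragments};
                [#{type := Type, len := Len} | _] = Mine ->
                    Same = fun(#{type := T, len := L}) -> T =:= Type andalso L =:= Len end,
                    case lists:all(Same, Mine) of
                        false ->
                            {error, inconsistent_fragments};
                        true ->
                            ByOff = lists:sort(fun(#{off := A}, #{off := B}) -> A =< B end, Mine),
                            fill(ByOff, <<>>, Len, Type)
                    end
            end
    end.

%% One record payload may carry several handshake messages back to back.
parse_all([], Acc) ->
    {ok, lists:reverse(Acc)};
parse_all([W | Ws], Acc) ->
    case parse(W) of
        {ok, F, <<>>}  -> parse_all(Ws, [F | Acc]);
        {ok, F, Tail}  -> parse_all([Tail | Ws], [F | Acc]);
        {error, _} = E -> E
    end.

%% Walk fragments in offset order, appending only bytes beyond what is already
%% held.  Overlapping bytes must agree with what arrived earlier (a peer that
%% re-sends a range with different contents is rejected); a gap means a
%% retransmit is still outstanding.
fill([], Acc, Len, Type) when byte_size(Acc) =:= Len ->
    {ok, Type, Acc};
fill([], Acc, _Len, _Type) ->
    {incomplete, byte_size(Acc)};
fill([#{off := Off, data := Data} | Rest], Acc, Len, Type) when Off =< byte_size(Acc) ->
    OverlapLen = min(byte_size(Acc) - Off, byte_size(Data)),
    <<Overlap:OverlapLen/binary, New/binary>> = Data,
    <<_:Off/binary, Already:OverlapLen/binary, _/binary>> = Acc,
    case Overlap =:= Already of
        true  -> fill(Rest, <<Acc/binary, New/binary>>, Len, Type);
        false -> {error, overlapping_fragments_differ}
    end;
fill([_ | _], Acc, _Len, _Type) ->
    {incomplete, byte_size(Acc)}.

%% Constructed inputs: a 1000-byte stand-in for a Certificate body (type 11,
%% message_seq 2) and an empty ServerHelloDone (type 14, message_seq 3).
selftest() ->
    Body = << <<(I rem 256)>> || I <- lists:seq(0, 999) >>,
    [F1, F2, F3, F4] = fragment(11, 2, Body, 300),
    Other = hd(fragment(14, 3, <<>>, 300)),
    %% loss: the third fragment never arrives, bytes 0..599 are contiguous
    {incomplete, 600} = reassemble(2, [F4, F1, F2, Other]),
    %% reordering plus a duplicate is harmless once every byte is covered
    {ok, 11, Body} = reassemble(2, [F4, F2, F1, F3, F2, Other]),
    {ok, 14, <<>>} = reassemble(3, [Other]),
    %% a retransmit split at 500 instead of 300 still fits together
    [G1, G2] = fragment(11, 2, Body, 500),
    {ok, 11, Body} = reassemble(2, [F1, G2, F3, G1]),
    %% same range re-sent with different bytes, and a header past the end
    Bad = <<11:8, 1000:24, 2:16, 300:24, 300:24, (binary:copy(<<16#ff>>, 300))/binary>>,
    {error, overlapping_fragments_differ} = reassemble(2, [F1, Bad, F2, F3, F4]),
    {error, fragment_exceeds_message} = reassemble(2, [<<11:8, 10:24, 2:16, 8:24, 4:24, 0:32>>]),
    ok.
```

Compile and run with `erlc dtls_reassembly.erl && erl -noshell -eval 'ok = dtls_reassembly:selftest(), halt().'`. The point of keeping reassembly separate from the handshake FSM is the one made above: the FSM sees whole messages in message_seq order, and only this layer knows about UDP. The overlap check matters because a retransmitted fragment may legitimately be cut at a different boundary, so "already have those bytes" cannot simply mean "drop it"; comparing the overlapping range is what lets the reassembler accept resplitting while still refusing a peer that rewrites bytes it already sent.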


