DTLS minimum handshake timeout

Hi

It seems that the default minimum DTLS handshake timeout is about 1 second. That means there is a retransmission if a response isn't received within this timeout. In NB-IoT/LTE-M this leads to many unnecessary retransmissions:

The server is configured to a higher timeout, but how can I configure the nRF9151 to be more patient during the handshake? Since NB-IoT has latencies up to 10 seconds, retransmitting every second barely makes sense.

I have tried a lot of socket options so far, but none seem to work. Zephyr itself offers TLS_DTLS_HANDSHAKE_TIMEOUT_MIN, but this one is not supported on offloaded sockets. Am I missing something? It would be a pity if I had to switch to mbedTLS because of a missing handshake timeout.

NCS version: v3.0.2

Best regards
Samuel

  • The secure socket (TLS/DTLS) API is part of the LTE modem. This handles re-transmissions inside the modem. From our documentation:

    What is TLS_DTLS_HANDSHAKE_TIMEOUT_MIN compared to NRF_SO_SEC_DTLS_HANDSHAKE_TIMEO?
    • TLS_DTLS_HANDSHAKE_TIMEOUT_MIN is a Zephyr generic TLS socket option that sets the minimum DTLS handshake retransmission timeout (in milliseconds). It works with TLS_DTLS_HANDSHAKE_TIMEOUT_MAX; the handshake timeout starts at min and doubles on each retry until max is reached (TLS_DTLS_HANDSHAKE_TIMEOUT_MIN).
    • NRF_SO_SEC_DTLS_HANDSHAKE_TIMEO is an nRF modem–specific socket option (NRF_SOL_SECURE) that sets the total DTLS handshake timeout (including retransmissions) using fixed, allowed values in seconds: 0, 1, 3, 7, 15, 31, 63, 123 (Zephyr alias: TLS_DTLS_HANDSHAKE_TIMEO) (Socket options: TLS_DTLS_HANDSHAKE_TIMEO).
    • TLS_DTLS_HANDSHAKE_TIMEOUT_MAX is the Zephyr generic TLS socket option that sets the maximum DTLS handshake retransmission timeout (in milliseconds). Together with TLS_DTLS_HANDSHAKE_TIMEOUT_MIN, the timeout starts at MIN and doubles on each retransmission until MAX is reached (time unit: ms) (TLS_DTLS_HANDSHAKE_TIMEOUT_MAX; TLS_DTLS_HANDSHAKE_TIMEOUT_MIN).
      This contrasts with the nRF modem–specific NRF_SO_SEC_DTLS_HANDSHAKE_TIMEO (Zephyr alias TLS_DTLS_HANDSHAKE_TIMEO), which sets a single total handshake timeout in seconds with fixed allowed values (0, 1, 3, 7, 15, 31, 63, 123) (socket_ncs.h TLS_DTLS_HANDSHAKE_TIMEO; Modem socket options).
    In short: TLS_DTLS_HANDSHAKE_TIMEOUT_MIN/MAX control per-retry backoff (ms) in Zephyr’s generic TLS; NRF_SO_SEC_DTLS_HANDSHAKE_TIMEO sets a single total handshake timeout (s) for nRF modem sockets with predefined values.
    The nRF Connect SDK Networking Sockets, designed for the nRF91 series, are part of the Modem Library.

    The values in https://docs.nordicsemi.com/bundle/nrfxlib-apis-latest/page/group_nrf_socket_so_sec_handshake_timeo… are valid configuration values for the socket option NRF_SO_SEC_DTLS_HANDSHAKE_TIMEO. This is the timeout value for the complete DTLS handshake.

    Supported DTLS total handshake timeouts are 1 s, 3 s, 7 s, 15 s, 31 s, 63 s and 123 s. The DTLS handshake timeout is a requirement from the Verizon network.

    In LTE-M:

    If application configures maximum DTLS handshake timeout to 15 sec, MFW uses DTLS re-transmission timeouts 1 s, 2 s, 4 s, 8 s = 15 s

    In NB-IoT:

    If application configures maximum DTLS handshake timeout to 63 sec, MFW uses DTLS re-transmission timeouts 4 s, 8 s, 16 s, 32 s = 60 s


    Let me know if anything is unclear based on this.
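
Worked example (added here; not code from the original post, from the Nordic answer above, or from the nRF Connect SDK): pick the smallest allowed total-handshake timeout that covers the latency you expect, then apply it on the offloaded DTLS socket before connect(). It assumes that NCS's <zephyr/net/socket_ncs.h> provides TLS_DTLS_HANDSHAKE_TIMEO for use with SOL_TLS, that the option takes an int holding one of the fixed values listed in the answer, and that the modem picks the per-retry backoff itself (as the LTE-M/NB-IoT schedules above show). The helper names, the host-build fallback constants (SOL_TLS = 282, TLS_DTLS_HANDSHAKE_TIMEO = 18) and the IPPROTO_DTLS_1_2 socket in main() are my assumptions for illustration.

```c
/* Added example: configure the nRF91 modem's total DTLS handshake timeout.
 * Not from the original post or from Nordic's SDK. Assumptions are marked. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#ifdef __ZEPHYR__
#include <zephyr/net/socket.h>
#include <zephyr/net/socket_ncs.h>   /* assumed to define TLS_DTLS_HANDSHAKE_TIMEO */
#else
/* Host build (compile/test off-target): POSIX sockets plus fallback values for the
 * NCS constants so the same code compiles. The numeric values are assumptions. */
#include <sys/socket.h>
#ifndef SOL_TLS
#define SOL_TLS 282
#endif
#ifndef TLS_DTLS_HANDSHAKE_TIMEO
#define TLS_DTLS_HANDSHAKE_TIMEO 18
#endif
#endif

/* Fixed values (seconds) accepted by NRF_SO_SEC_DTLS_HANDSHAKE_TIMEO, taken from the
 * answer above. 0 means "no timeout" and is only chosen when explicitly requested. */
static const int dtls_hs_timeo_allowed[] = { 0, 1, 3, 7, 15, 31, 63, 123 };

/* Smallest allowed total handshake timeout >= wanted_s.
 * Returns -1 if wanted_s is negative or exceeds the largest value (123 s). */
int dtls_hs_timeo_select(int wanted_s)
{
	if (wanted_s < 0) {
		return -1;
	}
	for (size_t i = 0; i < sizeof(dtls_hs_timeo_allowed) / sizeof(dtls_hs_timeo_allowed[0]); i++) {
		if (dtls_hs_timeo_allowed[i] >= wanted_s) {
			return dtls_hs_timeo_allowed[i];
		}
	}
	return -1;
}

/* Apply the rounded-up timeout to a DTLS socket. Must be called before connect(),
 * because the option only affects a handshake that has not started yet.
 * Returns 0 on success, -EINVAL for an unsatisfiable request, or -errno from setsockopt(). */
int dtls_hs_timeo_apply(int fd, int wanted_s)
{
	int val = dtls_hs_timeo_select(wanted_s);

	if (val < 0) {
		return -EINVAL;
	}
	if (setsockopt(fd, SOL_TLS, TLS_DTLS_HANDSHAKE_TIMEO, &val, sizeof(val)) != 0) {
		return -errno;
	}
	return 0;
}

int main(void)
{
#ifdef __ZEPHYR__
	/* On target: NB-IoT round trips of up to ~10 s, so ask for at least 10 s and let
	 * the helper round up to the next allowed value (15 s). Per the answer, the modem
	 * then spreads its retransmissions over that window instead of retrying every second. */
	int fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_DTLS_1_2);  /* assumed Zephyr protocol id */

	if (fd < 0) {
		printf("socket() failed: %d\n", errno);
		return 1;
	}
	int err = dtls_hs_timeo_apply(fd, 10);

	printf("DTLS handshake timeout -> %d s: %s (%d)\n",
	       dtls_hs_timeo_select(10), err == 0 ? "ok" : "failed", err);
	/* ... set TLS_SEC_TAG_LIST / TLS_PEER_VERIFY, then connect() to start the handshake ... */
	close(fd);
	return err ? 1 : 0;
#else
	printf("10 s -> %d s, 63 s -> %d s, 200 s -> %d\n",
	       dtls_hs_timeo_select(10), dtls_hs_timeo_select(63), dtls_hs_timeo_select(200));
	return 0;
#endif
}
```

Note that this sets the budget for the whole handshake, not the per-retry interval: TLS_DTLS_HANDSHAKE_TIMEOUT_MIN/MAX have no effect on offloaded sockets, and with 63 s on NB-IoT the modem's own schedule (4 s, 8 s, 16 s, 32 s in the answer) already gives a first retry well above the 1 s the original post complains about. Check the return value; an unsupported value is rejected by the modem rather than rounded.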