DTLS Session Resumption on nRF9160, modem FW v1.1.0

RE: DTLS Session Resumption on nRF9160, modem FW v1.1.0

Marcus_S — Fri, 13 Dec 2019 14:06:01 GMT

OK, thank you for clarifying this!

RE: DTLS Session Resumption on nRF9160, modem FW v1.1.0

Håkon Alseth — Fri, 13 Dec 2019 13:22:56 GMT

Hi,

My apologies for the late answer, it took a bit longer than expected to find who worked on this specific feature internally.

I have been reaching out internally to the teams working on the net stack, and unfortunately gotten this confirmed; session cache is not fully implemented in bsdlib.

I have also requested that this is to be documented in bsdlib.

Kind regards,

Håkon

RE: DTLS Session Resumption on nRF9160, modem FW v1.1.0

Marcus_S — Thu, 12 Dec 2019 09:49:54 GMT

Sorry, that was an error in my previous post, which I thought I have edited, but the edit does not show... Anyway, actually I am using nrf_sec_session_cache_t used in the struct nrf_sec_config_t, and I am also checking the error code:

nrf_sec_config.session_cache = 0; // 0=enabled!
...
if (nrf_setsockopt(dtlsSocket, NRF_SOL_SECURE, NRF_SO_SEC_SESSION_CACHE, &nrf_sec_config.session_cache, sizeof(nrf_sec_config.session_cache)) < 0)
{
    LOG_ERR("setsockopt NRF_SO_SEC_SESSION_CACHE: %d", errno);
    nrf_close(dtlsSocket);
    dtlsSocket = -1;
    return false;
}

RE: DTLS Session Resumption on nRF9160, modem FW v1.1.0

Håkon Alseth — Thu, 12 Dec 2019 09:34:04 GMT

Hi,

The type it takes in is "nrf_sec_session_cache_t", which is a uint8_t. passing a int shall give an err return.

Could you try passing this type? Remember to always check the return code.

Kind regards,

Håkon

RE: DTLS Session Resumption on nRF9160, modem FW v1.1.0

Marcus_S — Tue, 10 Dec 2019 13:11:25 GMT

OK, this is what I do, but it doesn't work. I always get an empty session ID in the Client Hello messages.

Does the nRF9160 support session IDs and session tickets, or only one of the two?

How long does it cache a session? Can this timeout be configured?

Is there any documentation on nRF9160 TLS/DTLS capability?

BTW, in my code above I forgot to post the SEC_SESSION_CACHE option:

int session_cache = 0; // 0=enabled!
nrf_setsockopt(dtlsSocket, NRF_SOL_SECURE, NRF_SO_SEC_SESSION_CACHE, &session_cache, sizeof(session_cache));

RE: DTLS Session Resumption on nRF9160, modem FW v1.1.0

Håkon Alseth — Mon, 09 Dec 2019 13:46:28 GMT

Hi,

For this specific SO_SEC option, it seems that the offloading does not handle it:

https://github.com/NordicPlayground/fw-nrfconnect-nrf/blob/master/lib/bsdlib/nrf91_sockets.c#L110

the offloading API in zephyr does not have a SEC_SESSION_CACHE defined, so the nrf91_sockets.c cannot handle it properly from an offloading point-of-view. The "NRF_SO_SEC_SESSION_CACHE" must be set using nrf_setsockopt() directly at this time, unfortunately. I'll make the developers aware of this issue.

Kind regards,

Håkon