Connection Identifiers for DTLS 1.2 in NRF9160 modem firmware

Hello,

As far as I know, the TLS implementation in the NRF9160 MFW does not currently support Connection Identifiers for DTLS 1.2.

Are there any plans or a timeline when this might be available?

I need to open a UDP/DTLS socket on a NRF9160 that connects to a CoAP (or LWM2M) server over LTE. I want to keep the connection open for a long period of time (several days) to minimize the traffic for the handshake. In practice this does not work because of NAT happening in the network infrastructure. From the server perspective the client changes the network port (and maybe the IP address) and the DTLS connection cannot be associated any more. The connection ID would solve this problem.

I know that the RFC is still a draft.

An alternative would be to use MbedTLS. MbedTLS has already implemented connection IDs (we are using this in an Mbed based project). But this would increase the firmware size quite a bit.

Any ideas?

Thanks

Andre

Hi Andre,

RFC9146 has reached the editor's queue and will hopefully be released soon.

Though the MAC calculation was adapted a year ago (version 09 of that draft), it's important to use either versions according to the final definition (e.g. eclipse/californium 3.0.0) or to take care that you use "matching non-compliant" versions.

Last year I started to update eclipse/tinydtls and there is a PR which contains the dtls-client part for DTLS 1.2 CID (at least a very simple, but working one). Together with some other tinydtls fixes (see pending PRs there), I started to port tinydtls to zephyr as well (not that hard). Using plain UDP from the modem and adding DTLS 1.2 CID in the application works, my Thingy!91 is "up and running with coap". I hope I can publish that example in Q2/2022.

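An added example (not code from this thread, from tinydtls, or from Californium) of the two server-side mechanics behind the connection ID discussed above: records are demultiplexed by the CID carried inside the record instead of by the sender's IP:port, which is what survives the NAT rebinding in the question, and the CID pseudo-header fed into the MAC or AEAD additional data follows the RFC 9146 section 5 layout that the draft-09 change introduced. It assumes a negotiated CID length known from the handshake, performs no decryption, and all record bytes are constructed.

```python
import struct

TLS12_CID = 25                     # ContentType of CID-carrying records (RFC 9146)
SEQ_NUM_PLACEHOLDER = b"\xff" * 8  # leads the CID pseudo-header used for MAC/AAD

def parse_cid_record(data: bytes, cid_len: int) -> dict:
    """Split one DTLSCiphertext(tls12_cid) record into its fields.
    cid_len was agreed in the connection_id extension during the handshake;
    the record does not encode it, so the receiver must already know it."""
    hdr_len = 1 + 2 + 2 + 6 + cid_len + 2
    if len(data) < hdr_len or data[0] != TLS12_CID:
        raise ValueError("not a complete tls12_cid record")
    ver_hi, ver_lo, epoch = struct.unpack_from("!BBH", data, 1)
    seq = int.from_bytes(data[5:11], "big")
    cid = data[11:11 + cid_len]
    (length,) = struct.unpack_from("!H", data, 11 + cid_len)
    body = data[hdr_len:hdr_len + length]
    if len(body) != length:
        raise ValueError("truncated record body")
    return {"version": bytes([ver_hi, ver_lo]), "epoch": epoch, "seq": seq,
            "cid": cid, "ciphertext": body}

def aead_additional_data(rec: dict, inner_len: int) -> bytes:
    """Additional data for AEAD suites as laid out in RFC 9146 section 5
    (the form draft-09 switched to, which the reply says older
    implementations do not match). Both peers must build these exact bytes
    or the tag check fails even though the record was decrypted correctly."""
    cid = rec["cid"]
    return (SEQ_NUM_PLACEHOLDER + bytes([TLS12_CID, len(cid), TLS12_CID])
            + rec["version"] + struct.pack("!H", rec["epoch"])
            + rec["seq"].to_bytes(6, "big") + cid + struct.pack("!H", inner_len))

class CidDemux:
    """Server-side lookup by CID instead of by peer IP:port. When the NAT
    rebinds the client's source port, the CID still matches and the stored
    peer address is refreshed so replies follow the new mapping."""
    def __init__(self, cid_len: int):
        self.cid_len, self.sessions = cid_len, {}  # cid -> {"peer", "records"}

    def register(self, cid: bytes, peer):
        self.sessions[cid] = {"peer": peer, "records": 0}

    def deliver(self, datagram: bytes, peer):
        rec = parse_cid_record(datagram, self.cid_len)
        sess = self.sessions.get(rec["cid"])
        if sess is None:
            return None              # unknown CID: drop, do not answer
        sess["peer"] = peer          # NAT rebinding is absorbed here
        sess["records"] += 1
        return rec
```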