JKRhb / dtls2

A DTLS library for Dart based on OpenSSL.
MIT License
Make it possible to set the OpenSSL security level #98

Closed JKRhb closed 4 months ago

JKRhb commented 8 months ago

In the context of https://github.com/JKRhb/dtls2/pull/97, I noticed that the cipher suite PSK-AES128-CCM8, which is the minimum requirement for CoAPS according to RFC 7252, is not usable with OpenSSL 3.2 by default anymore. That is because the cipher suite only provides 128 bits of security, which now requires a security level of 0 (i.e., "Everything is permitted").

To deal with this, there should be a way to let users configure the security level. A helpful resource can be found here: https://www.openssl.org/docs/man3.2/man3/SSL_CTX_set_security_level.html
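
The following is an added example, not code from dtls2 or from the issue author: it calls the OpenSSL functions from the linked manual page through `dart:ffi`, lowering the security level on a single DTLS client context and pinning that context to the one suite CoAPS needs, so that level 0 does not widen anything else. The library name `libssl.so.3` and the use of `package:ffi` are assumptions.

```dart
import 'dart:ffi';

import 'package:ffi/ffi.dart'; // assumption: package:ffi is available

typedef Ctx = Pointer<Void>; // opaque SSL_CTX*

void main() {
  // Assumption: OpenSSL 3.x shared library name on Linux.
  final ssl = DynamicLibrary.open('libssl.so.3');

  final dtlsClientMethod = ssl.lookupFunction<Pointer<Void> Function(),
      Pointer<Void> Function()>('DTLS_client_method');
  final ctxNew = ssl.lookupFunction<Ctx Function(Pointer<Void>),
      Ctx Function(Pointer<Void>)>('SSL_CTX_new');
  final ctxFree = ssl
      .lookupFunction<Void Function(Ctx), void Function(Ctx)>('SSL_CTX_free');
  final setLevel = ssl.lookupFunction<Void Function(Ctx, Int),
      void Function(Ctx, int)>('SSL_CTX_set_security_level');
  final getLevel = ssl.lookupFunction<Int Function(Ctx), int Function(Ctx)>(
      'SSL_CTX_get_security_level');
  final setCipherList = ssl.lookupFunction<Int Function(Ctx, Pointer<Utf8>),
      int Function(Ctx, Pointer<Utf8>)>('SSL_CTX_set_cipher_list');

  final ctx = ctxNew(dtlsClientMethod());
  if (ctx == nullptr) throw StateError('SSL_CTX_new failed');
  final suite = 'PSK-AES128-CCM8'.toNativeUtf8();
  try {
    print('default security level: ${getLevel(ctx)}');

    // Lower the level on this context only; contexts created elsewhere
    // keep the library default.
    setLevel(ctx, 0);

    // Level 0 permits everything, so restrict the cipher list to the
    // single suite that is actually required.
    if (setCipherList(ctx, suite) != 1) {
      throw StateError('PSK-AES128-CCM8 is not available in this build');
    }
    print('security level now: ${getLevel(ctx)}');
  } finally {
    malloc.free(suite); // toNativeUtf8 allocates with malloc by default
    ctxFree(ctx);
  }
}
```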