Rantanen / node-dtls

JavaScript DTLS implementation for Node.js
ISC License

server chooses cypher not on client's cypher list #13

Open nickdesaulniers opened 8 years ago

nickdesaulniers commented 8 years ago

example logging:

...
2016/01/06 09:51:25.342 [dtls.ServerHandshakeHandler] : ClientHello received. Client version: 1.2
2016/01/06 09:51:25.342 [dtls.ServerHandshakeHandler] : Client ciphers
2016/01/06 09:51:25.342 [dtls.ServerHandshakeHandler] : [ 49195, 49199, 49162, 49161, 49171, 49172, 51, 57 ]
2016/01/06 09:51:25.345 [dtls.ServerHandshakeHandler] : Server cipher used: 47
2016/01/06 09:51:25.345 [dtls.ServerHandshakeHandler] : Sending ServerHello, Certificate, HelloDone

notice how the server chose cypher 47, though it's not in the client's suite.

nickdesaulniers commented 8 years ago

oh, looks like it's hardcoded:

https://github.com/Rantanen/node-dtls/blob/master/ServerHandshakeHandler.js#L196-L217

Rantanen commented 8 years ago

I think that's the only cipher that has been implemented currently. >.>

nickdesaulniers commented 8 years ago

CBC should be avoided. Can I unimplement it and replace it with something stronger? :stuck_out_tongue_winking_eye:

I work with the DTLS spec author (ekr), so I can try and see if he'll help vet some of this stuff.

Rantanen commented 8 years ago

Would be more than happy to have better support for other cipher suites. Feel free to hard code something else in its place too. I can take care of the negotiation and cipher selection later if you don't feel like poking that part.

(Oh, also loved to see more interest in the peerconnection front! That was the whole reason I started this project as well. Unfortunately the complexity of this alone killed some of the motivation to continue with my peerconnection implementation.)
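
Added example, not part of the thread and not node-dtls code: the negotiation and cipher selection discussed above, where the server picks the first suite it supports from the client's offered list and answers with a fatal handshake_failure alert when there is no overlap, instead of sending a suite the client never offered. All function and constant names and the server suite lists are assumptions; the client list is the one from the log in this issue.

```javascript
// Added example; function and constant names are hypothetical, not node-dtls code.
const HANDSHAKE_FAILURE = 40; // TLS alert description handshake_failure (RFC 5246)

// IANA names for the server's suite and two of the client's suites from the log.
const SUITE_NAMES = new Map([
  [47, 'TLS_RSA_WITH_AES_128_CBC_SHA'],
  [49199, 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'],
  [51, 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA'],
]);

// Constructed input: the client cipher list taken from the log in this issue.
const CLIENT_IDS = [49195, 49199, 49162, 49161, 49171, 49172, 51, 57];

// Encode ids as a ClientHello cipher_suites vector:
// uint16 byte length followed by big-endian uint16 suite ids.
function encodeCipherSuites(ids) {
  const out = new Uint8Array(2 + ids.length * 2);
  out[0] = (ids.length * 2) >> 8;
  out[1] = (ids.length * 2) & 0xff;
  ids.forEach((id, i) => {
    out[2 + i * 2] = id >> 8;
    out[3 + i * 2] = id & 0xff;
  });
  return out;
}

// Parse the vector, rejecting truncated or odd-length input.
function parseCipherSuites(buf) {
  if (buf.length < 2) throw new RangeError('truncated length field');
  const byteLen = (buf[0] << 8) | buf[1];
  if (byteLen < 2 || byteLen % 2 !== 0) throw new RangeError('bad vector length');
  if (buf.length < 2 + byteLen) throw new RangeError('truncated vector');
  const ids = [];
  for (let i = 2; i < 2 + byteLen; i += 2) ids.push((buf[i] << 8) | buf[i + 1]);
  return ids;
}

// Choose the first server-preferred suite that the client offered.
// With no overlap the handshake must fail; there is no fallback suite.
function selectCipherSuite(clientIds, serverIds) {
  const offered = new Set(clientIds);
  const suite = serverIds.find((id) => offered.has(id));
  if (suite === undefined) return { ok: false, alert: HANDSHAKE_FAILURE };
  return { ok: true, suite, name: SUITE_NAMES.get(suite) || 'unknown' };
}

// The situation in this issue: the server supports only suite 47.
console.log(selectCipherSuite(parseCipherSuites(encodeCipherSuites(CLIENT_IDS)), [47]));
```
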

nickdesaulniers commented 8 years ago

If you've got cycles + are still interested, you should help us out, we need more contributors! :smile: