Open valkum opened 2 years ago
rustls doesn't allow renegotiation, and at the moment I'm following their footsteps in terms of security choices, so I guess it'll be alright there.
> The spec has some more API requirements I will not copy here. Could you have a look at them too?

Yes, if I could see what more logic needs to be implemented at the DTLS layer, I can consider how I can offer that.
The WebRTC spec defines some requirements for the used DTLS implementation:
At least the TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 cipher suite needs to be supported, with support for the P-256 curve. Both of these requirements are met in rustls (TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 & P-256).
Firefox additionally has support for P-384 and x25519 as well as TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, and TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256. Chrome adds TLS_RSA_WITH_AES_128_GCM_SHA256 on top. Except for the one Chrome adds, all of them are supported by rustls, so this is fine. Both Chrome and Firefox also have support for the CBC ones, but I guess we can ignore them (at least for now).
Furthermore, "Implementations MUST NOT implement DTLS renegotiation and MUST reject it with a "no_renegotiation" alert if offered." So I guess it would be nice if dtls-rs could allow configuring in which cases an alert should be created, in addition to allowing things like renegotiation to be configured.
The spec has some more API requirements I will not copy here. Could you have a look at them too?
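As an added example (not dtls-rs or rustls code) of the two points raised in this issue, here is a small Rust policy layer that checks an endpoint's cipher suites and named groups against the WebRTC mandatory-to-implement set quoted above, and answers a post-handshake ClientHello or HelloRequest with a no_renegotiation alert whose level is configurable. The cipher suite and named-group code points are the IANA values (RFC 5289, RFC 8422) and the alert codes are from RFC 5246; every type and function name, the `RenegotiationPolicy` knob and the sample header bytes are assumptions invented for this example.

```rust
// Added example, not dtls-rs or rustls code. Names below are invented.

/// TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (RFC 5289 code point)
pub const TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: u16 = 0xC02B;
/// NamedGroup secp256r1, i.e. P-256 (RFC 8422 code point)
pub const SECP256R1: u16 = 23;

pub const HANDSHAKE_HELLO_REQUEST: u8 = 0;
pub const HANDSHAKE_CLIENT_HELLO: u8 = 1;

pub const ALERT_LEVEL_WARNING: u8 = 1;
pub const ALERT_LEVEL_FATAL: u8 = 2;
pub const ALERT_UNEXPECTED_MESSAGE: u8 = 10;
pub const ALERT_NO_RENEGOTIATION: u8 = 100;

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct Alert {
    pub level: u8,
    pub description: u8,
}

/// What the caller should do with a received handshake record.
#[derive(Debug, PartialEq, Eq)]
pub enum Action {
    /// Part of the initial handshake: hand it to the handshake logic.
    Continue,
    /// Send this alert; a fatal level also tears the connection down.
    Alert(Alert),
}

/// Hypothetical knob of the kind the issue asks for: answer a renegotiation
/// attempt with a warning-level no_renegotiation alert (the RFC 5246 default)
/// or escalate it to a fatal alert that closes the connection.
#[derive(Debug, Clone, Copy)]
pub enum RenegotiationPolicy {
    RejectWithWarning,
    RejectAndClose,
}

pub struct EndpointConfig {
    pub cipher_suites: Vec<u16>,
    pub named_groups: Vec<u16>,
}

/// Names of the WebRTC mandatory-to-implement items the config lacks.
pub fn missing_webrtc_requirements(cfg: &EndpointConfig) -> Vec<&'static str> {
    let mut missing = Vec::new();
    if !cfg.cipher_suites.contains(&TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) {
        missing.push("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256");
    }
    if !cfg.named_groups.contains(&SECP256R1) {
        missing.push("P-256 (secp256r1)");
    }
    missing
}

/// Parse the 12-byte DTLS handshake header (RFC 6347 section 4.2.2):
/// msg_type(1) length(3) message_seq(2) fragment_offset(3) fragment_length(3).
/// Returns (msg_type, message_seq), or None if the buffer is too short.
pub fn parse_handshake_header(buf: &[u8]) -> Option<(u8, u16)> {
    if buf.len() < 12 {
        return None;
    }
    Some((buf[0], u16::from_be_bytes([buf[4], buf[5]])))
}

pub struct Connection {
    handshake_complete: bool,
    policy: RenegotiationPolicy,
}

impl Connection {
    pub fn new(policy: RenegotiationPolicy) -> Self {
        Connection { handshake_complete: false, policy }
    }

    pub fn mark_handshake_complete(&mut self) {
        self.handshake_complete = true;
    }

    /// Decide what to do with an incoming handshake record.
    pub fn on_handshake_record(&self, record: &[u8]) -> Action {
        let fatal = |d| Action::Alert(Alert { level: ALERT_LEVEL_FATAL, description: d });
        let (msg_type, _seq) = match parse_handshake_header(record) {
            Some(h) => h,
            None => return fatal(ALERT_UNEXPECTED_MESSAGE),
        };
        if !self.handshake_complete {
            return Action::Continue;
        }
        match msg_type {
            // A ClientHello (client-initiated) or HelloRequest (server-initiated)
            // after the handshake finished is a renegotiation attempt.
            HANDSHAKE_CLIENT_HELLO | HANDSHAKE_HELLO_REQUEST => {
                let level = match self.policy {
                    RenegotiationPolicy::RejectWithWarning => ALERT_LEVEL_WARNING,
                    RenegotiationPolicy::RejectAndClose => ALERT_LEVEL_FATAL,
                };
                Action::Alert(Alert { level, description: ALERT_NO_RENEGOTIATION })
            }
            // Any other handshake message after Finished is a protocol violation.
            _ => fatal(ALERT_UNEXPECTED_MESSAGE),
        }
    }
}

/// Constructed sample: handshake header of a ClientHello with message_seq 3
/// and an empty body (enough for the header parser above).
pub fn sample_client_hello_header() -> [u8; 12] {
    [HANDSHAKE_CLIENT_HELLO, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0]
}

fn main() {
    let mut conn = Connection::new(RenegotiationPolicy::RejectAndClose);
    conn.mark_handshake_complete();
    println!("{:?}", conn.on_handshake_record(&sample_client_hello_header()));
}
```

The policy enum is the configurable piece the issue asks for: with `RejectWithWarning` the endpoint stays up and just refuses the renegotiation, with `RejectAndClose` the same no_renegotiation description is sent at fatal level so the peer's attempt ends the session. Either way the check runs before any handshake state is touched, so a post-handshake ClientHello never reaches the handshake logic.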