bcgit / bc-java

Bouncy Castle Java Distribution (Mirror)
https://www.bouncycastle.org/java.html
MIT License

DTLS 1.3 support #1468

Open JonathanLennox opened 11 months ago

JonathanLennox commented 11 months ago

BouncyCastle should support DTLS 1.3.

It's not imminently needed, but since (D)TLS 1.2 doesn't seem likely to get any post-quantum KEMs, DTLS 1.3 will be needed to protect DTLS traffic (and things derived from it, like WebRTC traffic) from harvest-now-decrypt-later attacks.

Horcrux7 commented 7 months ago

If I try to use DTLS 1.3 I get the following exception:

org.bouncycastle.tls.TlsFatalAlert: internal_error(80)
    at org.bouncycastle.tls.DTLSClientProtocol.generateClientHello(DTLSClientProtocol.java:406)
    at org.bouncycastle.tls.DTLSClientProtocol.clientHandshake(DTLSClientProtocol.java:91)
    at org.bouncycastle.tls.DTLSClientProtocol.connect(DTLSClientProtocol.java:52)

Any progress on it?

Frosne commented 5 months ago

Hello, do you have any update on supporting DTLS 1.3?

Thanks.