boaks
commented
4 months ago Please retest with PR #2264
Closed kkonieczny-avs closed 1 month ago
boaks
commented
4 months ago Please retest with PR #2264
kkonieczny-avs
commented
4 months ago Works, thanks again today ;)
boaks
commented
4 months ago Thanks for reporting.
PR #2264 uses an API extension (new method) so it will be a minor release.
I currently spend my time into auto-provisioning for the cf-cloud-demo-server and cf-s3-proxy-server. My forecast will be a 3.13 around end of July or begin of August. If it's not urgent, The fixes will be published with that.
boaks
commented
1 month ago The minor release is scheduled, see issue #2285
I am using californium as a server and a client in version 3.12.1. In cases described below the server is in DtlsSecureRenegotiation.WANTED mode. When the client is using DtlsSecureRenegotiation.WANTED or NONE the abbreviated handshake is working correctly. abbreviated_handshake_DtlsSecureRenegotation_WANTED.pcapng.zip
When client is using DtlsSecureRenegotiation.NEEDED ServerHello is rejected by the client during the abbreviated handshake. abbreviated_handshake_DtlsSecureRenegotation_NEEDED.pcapng.zip
It seems the client doesn't include TLS_EMPTY_RENEGOTIATION_INFO_SCSV in cipher suite or renegotiation_info extension when performing abbreviated handshake in ClientHello, but expect the server to send this extension in ServerHello. This causes client to terminate the connection when in NEEDED mode.