eclipse / tinydtls

Eclipse tinydtls
https://projects.eclipse.org/projects/iot.tinydtls

dtls.c: exclude Extensions when calculating cookie. #230

Closed boaks closed 4 months ago

boaks commented 6 months ago

Do not calculate the cookie using the Extensions, as these are different between DTLS 1.2 and DTLS 1.3.

https://datatracker.ietf.org/doc/html/rfc6347#section-4.2.1

When responding to a HelloVerifyRequest, the client MUST use the same parameter values (version, random, session_id, cipher_suites, compression_method) as it did in the original ClientHello. The server SHOULD use those values to generate its cookie and verify that they are correct upon cookie receipt.

https://www.rfc-editor.org/rfc/rfc9147.html#section-5.3

The ClientHello up to, but not including, the Extensions is the same for DTLS 1.2 and DTLS 1.3.

Alternative implementation for PR #223 with boundary checks using SKIP_VAR_FIELD.
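An added illustration of the rule this pull request describes, not code from the PR or from tinydtls: it locates the ClientHello body bytes that feed the cookie calculation, bounds-checks every length prefix, and stops before the Extensions. The names `span`, `skip_var_field` (a function here, not the `SKIP_VAR_FIELD` macro the PR mentions), `cookie_input_spans`, `same_cookie_input` and `build_hello` are hypothetical, the sample messages are constructed, and the client address that a server would also feed into the cookie is left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct span { size_t off, len; };  /* hypothetical helper type, not tinydtls API */
/* Skip a vector with an n-byte big-endian length prefix; -1 if it overruns. */
static int skip_var_field(const uint8_t *p, size_t len, size_t *pos, int n) {
  size_t flen = 0;
  if (len - *pos < (size_t)n) return -1;
  for (int i = 0; i < n; i++) flen = (flen << 8) | p[(*pos)++];
  if (len - *pos < flen) return -1;
  *pos += flen; return 0;
}

/* Cookie input: s[0] = version, random, session_id; s[1] = cipher_suites,
 * compression_methods. Cookie field and Extensions are left out. -1 if malformed. */
int cookie_input_spans(const uint8_t *ch, size_t len, struct span s[2]) {
  size_t pos = 2 + 32;                              /* client_version + random */
  if (len < pos) return -1;
  if (skip_var_field(ch, len, &pos, 1)) return -1;  /* session_id */
  s[0].off = 0; s[0].len = pos;
  if (skip_var_field(ch, len, &pos, 1)) return -1;  /* cookie */
  s[1].off = pos;
  if (skip_var_field(ch, len, &pos, 2)) return -1;  /* cipher_suites */
  if (skip_var_field(ch, len, &pos, 1)) return -1;  /* compression_methods */
  s[1].len = pos - s[1].off;                        /* stop before Extensions */
  return 0;
}

/* 1 if both hellos yield the same cookie input, 0 if not, -1 if malformed. */
int same_cookie_input(const uint8_t *a, size_t al, const uint8_t *b, size_t bl) {
  struct span x[2], y[2];
  if (cookie_input_spans(a, al, x) || cookie_input_spans(b, bl, y)) return -1;
  for (int i = 0; i < 2; i++)
    if (x[i].len != y[i].len || memcmp(a + x[i].off, b + y[i].off, x[i].len))
      return 0;
  return 1;
}

/* Constructed sample: ClientHello body with the given cookie and extensions. */
size_t build_hello(uint8_t *o, const uint8_t *ck, uint8_t cl, const uint8_t *ex, uint8_t el) {
  size_t n = 34;
  o[0] = 0xfe; o[1] = 0xfd; memset(o + 2, 0x11, 32);    /* version, random */
  o[n++] = 0;                                            /* empty session_id */
  o[n++] = cl; memcpy(o + n, ck, cl); n += cl;           /* cookie */
  memcpy(o + n, "\x00\x02\xc0\xa8\x01\x00", 6); n += 6;  /* suites, compression */
  o[n++] = 0; o[n++] = el; memcpy(o + n, ex, el);        /* extensions */
  return n + el;
}
```

A first ClientHello without a cookie and a second one carrying the cookie plus different extensions compare equal under `same_cookie_input`, while a message truncated inside any length-prefixed field is rejected.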

mrdeep1 commented 5 months ago

This version works for me instead of #223.

mrdeep1 commented 4 months ago

Approved. Any idea as to when this will get merged?

boaks commented 4 months ago

@obgm

Any opinion?

obgm commented 4 months ago

LGTM (Did not test it, though.)

mrdeep1 commented 4 months ago

pre-post.zip

pcap traces before / after the fix