eclipse / tinydtls

Eclipse tinydtls
https://projects.eclipse.org/projects/iot.tinydtls

CVE and TLS1.1, 1.2 and 1.3 #233

Closed biboc closed 6 months ago

biboc commented 6 months ago

Hi,

Is DTLS implementation compatible with TLS1.1, 1.2 and/or 1.3?

Do you follow CVEs for DTLS/tinyDTLS and do you update the library? Some have been released over the years on the Contiki implementation: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=tinydtls

Thanks,

boaks commented 6 months ago

tinydtls is a DTLS 1.2 (RFC 6347) implementation.

> Do you follow CVEs for DTLS/tinyDTLS and do you update the library?

We consider all issues reported here, at least if we are able to reproduce them or are able to follow the explanations. For now, tinydtls has not reached version 1.0 and we haven't published newer releases since the old 0.8.6. That makes reporting CVEs somewhat ineffective. The main reason for no newer releases is that tinydtls is used in a couple of different OSes, so such a binary release would either be pretty complex or would not cover the wide range of usage. Most are pretty happy just compiling it themselves.

> Some have been released over the years on the Contiki implementation:

We don't maintain the tinydtls fork of the contiki(-ng) project. I've asked that project about their interest, but I didn't receive an answer. The way to fix issues there is to update that fork to this origin, but that's the task for the contiki-ng project, not for this one.
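To make the version answer concrete for anyone inspecting tinydtls traffic, here is an added example (not code from tinydtls or from either participant) that parses a DTLS record header and, for a ClientHello, the `client_version` field inside the handshake message. DTLS encodes versions as the ones' complement of the TLS version, so 0xFEFF is DTLS 1.0 (the DTLS counterpart of TLS 1.1) and 0xFEFD is DTLS 1.2 (RFC 6347); there is no DTLS 1.1. The sample datagram is constructed inline and uses a cipher suite value only as filler; `build_client_hello`, `parse_dtls_record` and `RecordInfo` are names chosen for this example.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# DTLS version numbers are the ones' complement of the TLS version:
# TLS 1.1 -> DTLS 1.0 (0xFEFF), TLS 1.2 -> DTLS 1.2 (0xFEFD). There is no DTLS 1.1.
# Note: DTLS 1.3 (RFC 9147) keeps 0xFEFD in these legacy fields and signals 1.3
# via the supported_versions extension, which this example does not parse.
DTLS_VERSION_NAMES = {0xFEFF: "DTLS 1.0", 0xFEFD: "DTLS 1.2"}
CONTENT_TYPE_HANDSHAKE = 22
HANDSHAKE_CLIENT_HELLO = 1
RECORD_HEADER_LEN = 13      # type(1) version(2) epoch(2) seq(6) length(2)
HANDSHAKE_HEADER_LEN = 12   # type(1) length(3) msg_seq(2) frag_off(3) frag_len(3)


@dataclass
class RecordInfo:
    content_type: int
    record_version: int
    epoch: int
    sequence_number: int
    length: int
    client_version: Optional[int]  # only filled for an unfragmented ClientHello


def parse_dtls_record(datagram: bytes) -> RecordInfo:
    """Parse the first DTLS record in a datagram; raise ValueError on a short or inconsistent record."""
    if len(datagram) < RECORD_HEADER_LEN:
        raise ValueError("datagram shorter than a DTLS record header")
    content_type, record_version, epoch = struct.unpack("!BHH", datagram[:5])
    sequence_number = int.from_bytes(datagram[5:11], "big")
    (length,) = struct.unpack("!H", datagram[11:13])
    body = datagram[RECORD_HEADER_LEN:RECORD_HEADER_LEN + length]
    if len(body) != length:
        raise ValueError("record length field exceeds datagram")

    client_version = None
    if content_type == CONTENT_TYPE_HANDSHAKE and length >= HANDSHAKE_HEADER_LEN + 2:
        msg_type = body[0]
        fragment_offset = int.from_bytes(body[6:9], "big")
        # client_version is the first field of the ClientHello body (offset 0 of the message).
        if msg_type == HANDSHAKE_CLIENT_HELLO and fragment_offset == 0:
            (client_version,) = struct.unpack("!H", body[HANDSHAKE_HEADER_LEN:HANDSHAKE_HEADER_LEN + 2])

    return RecordInfo(content_type, record_version, epoch, sequence_number, length, client_version)


def version_name(version: int) -> str:
    return DTLS_VERSION_NAMES.get(version, f"unknown (0x{version:04x})")


def build_client_hello(client_version: int = 0xFEFD, record_version: int = 0xFEFF) -> bytes:
    """Construct a minimal, unencrypted DTLS ClientHello datagram (sample input, not real traffic).

    RFC 6347 section 4.2.1 lets the initial ClientHello carry record version {254,255}
    even when the client offers DTLS 1.2, so the record layer alone is a poor indicator.
    """
    body = (
        struct.pack("!H", client_version)
        + bytes(32)                   # random (zeroed for the sample)
        + b"\x00"                     # session_id length 0
        + b"\x00"                     # cookie length 0
        + struct.pack("!H", 2) + b"\xc0\xae"  # one cipher suite (filler value)
        + b"\x01\x00"                 # compression_methods: null only
    )
    handshake = (
        struct.pack("!B", HANDSHAKE_CLIENT_HELLO)
        + len(body).to_bytes(3, "big")    # length
        + struct.pack("!H", 0)            # message_seq
        + (0).to_bytes(3, "big")          # fragment_offset
        + len(body).to_bytes(3, "big")    # fragment_length (unfragmented)
        + body
    )
    record = (
        struct.pack("!BHH", CONTENT_TYPE_HANDSHAKE, record_version, 0)  # epoch 0
        + (0).to_bytes(6, "big")                                         # sequence number
        + struct.pack("!H", len(handshake))
        + handshake
    )
    return record


if __name__ == "__main__":
    info = parse_dtls_record(build_client_hello())
    print("record layer:", version_name(info.record_version))
    print("ClientHello client_version:", version_name(info.client_version))
```

The sample shows the practical caveat: the record-layer version reads DTLS 1.0 while the ClientHello itself offers DTLS 1.2, so a monitor that only looks at the first bytes of a datagram will misreport what a tinydtls client negotiates.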

biboc commented 6 months ago

Great, thanks

Could you add to the Readme that tinyDTLS is a DTLS 1.2 (RFC 6347) implementation?

For Contiki, I was mentioning it since they use a fork of tinyDTLS so if bugs are there, they may be in tinyDTLS repo :)

Concerning the 1.0 release, I understand your point but I'm not sure releasing binaries is mandatory. You could simply say that tinyDTLS has reached a satisfying version and tag it 1.0 (as you did for previous tags https://github.com/eclipse/tinydtls/tags (release only source code)). Then OSes will download your 1.0 tag and compile it for their architecture. It's up to you :)

Thanks for this DTLS implementation and your work

I'll close this "issue"

boaks commented 6 months ago

> Could you add to the Readme that tinyDTLS is a DTLS 1.2 (RFC 6347) implementation?

Sure.

boaks commented 6 months ago

See PR #234.