MaxDatagramPacket is used for pre-fragmenting certificates during the DTLS handshake process. But 1200 is too large to actually do any fragmenting, so that is reduced to 600.
When certificates are fragmented, DtlsConnectionListener uses the wrong size for buffer overflow. The full cert length is in the Length field, and FragmentLength is the expected length.
While calculating verify data, DtlsConnectionListener uses the wrong handshake instance, so if the cert is fragmented, FragmentLength mismatches between client and server and a connection cannot verify later on.
Unrelated changes I hadn't committed:
Clarified and improved tracking and reporting of ping. Historically, loopback connections would nearly infinite loop because resends would spam at 0ms or 1ms ping if the "remote" didn't handle every single packet perfectly. To fix this, I lazily capped min-ping at 50ms. This fixes it better by separating reported ping from min-resend-delay.
Fixes two bugs in DTLS and adjusts a constant:
Unrelated changes I hadn't committed: Clarified and improved tracking and reporting of ping. Historically, loopback connections would nearly infinite loop because resends would spam at 0ms or 1ms ping if the "remote" didn't handle every single packet perfectly. To fix this, I lazily capped min-ping at 50ms. This fixes it better by separating reported ping from min-resend-delay.