wolfSSL / wolfssl

The wolfSSL library is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. wolfSSL supports up to TLS 1.3 and DTLS 1.3!
https://www.wolfssl.com
GNU General Public License v2.0

wolfSSL_dtls_export does not export TX/RX NONCE for DTLS v1.3? #6218

Closed nunojpg closed 1 year ago

nunojpg commented 1 year ago

Version

master

Description

I'm trying dtls_export with a local build with --enable-dtls13 --enable-sessionexport=nopeer.

For a DTLSv1.3 TLS_AES_128_GCM_SHA256 when calling wolfSSL_dtls_export I get 334 bytes.

The export does not change as more datagrams are sent or received.

I wonder what is the impact of NONCE window/counters as this session is restored from this dump and communication continued.

julek-wolfssl commented 1 year ago

Hi @nunojpg,

Unfortunately, exporting DTLS 1.3 sessions is not yet supported. If you would like to submit a feature request, please write to us at support@wolfssl.com.

Sincerely, Juliusz

nunojpg commented 1 year ago

Yes, I see it works great for DTLS 1.2. I have edited the subject to reflect the actual issue now that you have explained.

Thanks
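
Added example (not part of the thread and not wolfSSL code) for the question in the original report about nonce counters: a small model of why a session snapshot has to carry the record sequence number. It assumes the TLS 1.3 per-record nonce construction from RFC 8446 section 5.3 (sequence number XOR write IV), which DTLS 1.3 also uses; `record_state`, the function names and the IV bytes are hypothetical, and nothing here describes what wolfSSL_dtls_export actually serializes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IV_LEN 12  /* AES-GCM nonce length */

/* Hypothetical model of one direction's record-protection state. */
typedef struct {
    uint8_t  write_iv[IV_LEN];
    uint64_t seq;              /* next record sequence number */
} record_state;

/* Per-record nonce: the 64-bit sequence number, big-endian and
 * left-padded to IV_LEN, XORed with write_iv. */
static void record_nonce(const record_state *st, uint8_t out[IV_LEN])
{
    memcpy(out, st->write_iv, IV_LEN);
    for (int i = 0; i < 8; i++)
        out[IV_LEN - 1 - i] ^= (uint8_t)(st->seq >> (8 * i));
}

/* "Send" one record: report the nonce it would use, then advance. */
static void send_record(record_state *st, uint8_t nonce[IV_LEN])
{
    record_nonce(st, nonce);
    st->seq++;
}

/* A snapshot is taken after `before` records, the live session sends
 * `after` more, then the snapshot is restored and sends one record.
 * Returns 1 if that record repeats a nonce the live session used. */
int restore_reuses_nonce(unsigned before, unsigned after)
{
    record_state live = { {0x5a,1,2,3,4,5,6,7,8,9,10,11}, 0 }; /* constructed IV */
    uint8_t used[IV_LEN] = {0}, n[IV_LEN];
    for (unsigned i = 0; i < before; i++) send_record(&live, n);
    record_state snapshot = live;             /* state as exported */
    if (after > 0) send_record(&live, used);  /* first post-snapshot nonce */
    for (unsigned i = 1; i < after; i++) send_record(&live, n);
    send_record(&snapshot, n);                /* restored session's first record */
    return after > 0 && memcmp(n, used, IV_LEN) == 0;
}

int main(void)
{
    printf("stale snapshot reuses a nonce: %d\n", restore_reuses_nonce(5, 3));
    printf("fresh snapshot reuses a nonce: %d\n", restore_reuses_nonce(5, 0));
    return 0;
}
```

In this model a snapshot that stays byte-identical while records keep flowing cannot contain the advancing counter, so restoring it repeats a (key, nonce) pair under AES-GCM; the receive-side replay window has the same staleness problem.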