Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Session ID in DTLS (OpenSSL)

Tags:

openssl

dtls

I am trying to implement a DTLS server using OpenSSL. I can get app data through, but when the client and server have negotiated, I have noticed that the session_id is null on the server.

Checking the code, more specifically ssl_sess.c, session_id_length is explicitly set to zero, the comments refer to RFC4507.

My question is when the connection is negotiated, what ID can I use to uniquely identify a client?

I have noticed that on the client side, the session id seems to be calculated from the ticket, but this does not seem to happen on the server.

like image 324
Fredrik Jansson Avatar asked Oct 10 '22 21:10

Fredrik Jansson

1 Answers

Same as you would with any datagram-based application. Per RFC 4347 (Datagram Transport Layer Security):

Note that unlike IPsec, DTLS records do not contain any association identifiers. Applications must arrange to multiplex between associations. With UDP, this is presumably done with host/port number.

(Emphasis mine)

From your comment, it looks like you're actually trying to maintain state across "sessions" (a vague but probably applicable descriptor). Maintaining state across "sessions" is an application-layer problem. (D)TLS is transport-layer (hence the name).

Strictly speaking, the application running over (D)TLS needs to have its own concept of a "client ID" which gets sent by the client to the server. There are innumerable ways to deal with that, depending on the nature of your application and your security requirements (username+password of course is the most common).

Another option is to use client-side certificates as a substitute for an independent application-layer ID, but that still requires the application layer to understand what is going on and associate the client's certificate with the permanent state information. Annoyingly, this requires the management of a separate certificate for every single client. This is sufficiently burdensome that most people don't take this route. It does have advantages, e.g. users can't exactly pick a bad password or write it on a sticky note on their monitor. On the other hand, if someone gets access to the file the certificate is stored in, it's game over anyway.

Of course, many books could be (and have been with great frequency) written on the subject of security and authentication...

like image 197
Nicholas Knight Avatar answered Oct 14 '22 02:10

Nicholas Knight
Sign in to Comment

Related questions

python SSLError("bad handshake: SysCallError(-1, 'Unexpected EOF')",),))
Keytool list command shows incorrect keystore format
upgrade TLS 1.0 to TLS 1.2 on macOS
Why does reqwest require an OpenSSL installation?
OpenSSL Windows x64 Compilation error
FTPS (FTP-SSL) in Qt 4.6
MacPorts OpenSSL Force Link for Installing DotNet
How can I ensure that Ruby uses an OpenSSL not vulnerable to Heartbleed?
C# RSA Public Key Output Not Correct

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!