#3 Missing close_notify

1.0
accepted
None
2014-10-10
2014-09-12
sbernard
No
I am playing with tinyDTLS. My use case is:

A device A (tinydtls) starts a DTLS session with a server B (scandium).
They exchange some application data, then A closes the DTLS session with close_notify. B MUST send a close_notify to A. Later B starts a handshake with A to exchange some other application data.

It works, but alerts are not retransmitted by DTLS and so may be lost over an unreliable network (https://tools.ietf.org/html/rfc6012#section-5.5).

In the case where A doesn't receive a close_notify from B, it seems that when B starts the handshake it fails with

**Sep 12 18:45:01 ALRT No security context for epoch: 0**

I suppose this is because the peer was not removed, as it was waiting for a server close_notify which will never arrive because it was lost (see dtls_handle_message).

Discussion

  • Olaf Bergmann - 2014-10-04
    • status: open --> accepted
    • assigned_to: Olaf Bergmann
     
  • Olaf Bergmann - 2014-10-04

    I guess there should be a timeout for close_notify, and when nothing has arrived by then, the session state is removed.

     
  • sbernard - 2014-10-10

    In the spec, they say "A transport sender (DTLS client) MAY choose to not wait for the transport receiver's close_notify alert and simply close the DTLS connection"

    Maybe this is the simplest solution.
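
The two options raised in this thread (a timeout on the awaited close_notify, or not waiting for it at all), sketched as an added example that is not tinydtls code and not from any participant. All names, the tick clock and the timeout value are assumptions, and the handshake check only models the stale-peer behaviour the reporter suspects.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names throughout; this is not the tinydtls API. */
enum peer_state { PEER_FREE, PEER_CONNECTED, PEER_CLOSING };
struct peer { enum peer_state state; uint32_t close_deadline; };
#define CLOSE_NOTIFY_TIMEOUT 5u  /* assumed value, in clock ticks */

/* Local side has sent close_notify. Either drop the session at once
 * (wait_for_reply == false) or wait for the reply with a deadline. */
void peer_begin_close(struct peer *p, uint32_t now, bool wait_for_reply) {
    if (!wait_for_reply) { p->state = PEER_FREE; return; }
    p->state = PEER_CLOSING;
    p->close_deadline = now + CLOSE_NOTIFY_TIMEOUT;
}

/* The peer's close_notify arrived: session state can be removed now. */
void peer_on_close_notify(struct peer *p) {
    if (p->state == PEER_CLOSING) p->state = PEER_FREE;
}

/* Periodic sweep: remove CLOSING peers whose reply never arrived.
 * Returns the number of entries removed. */
size_t peers_expire(struct peer *tbl, size_t n, uint32_t now) {
    size_t removed = 0;
    for (size_t i = 0; i < n; i++) {
        /* signed difference stays correct across tick wrap-around */
        if (tbl[i].state == PEER_CLOSING &&
            (int32_t)(now - tbl[i].close_deadline) >= 0) {
            tbl[i].state = PEER_FREE;
            removed++;
        }
    }
    return removed;
}

/* Model of the reported failure: a leftover entry blocks a fresh
 * epoch-0 handshake from the same peer. */
bool peer_accepts_new_handshake(const struct peer *p) {
    return p->state == PEER_FREE;
}

int main(void) {
    struct peer a = { PEER_CONNECTED, 0 };
    peer_begin_close(&a, 100, true);
    peers_expire(&a, 1, 105);  /* reply was lost; deadline reached */
    return peer_accepts_new_handshake(&a) ? 0 : 1;
}
```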