
DTLSConnection Id Support #113

@Codeglitches


I am submitting a …

  • bug report
  • feature request

Description

Connection ID (CID) extension to DTLS is described in RFC 9146 (or draft-ietf-tls-dtls-connection-id-05 for legacy version).

From the mbedtls ssl.h file:

The DTLS CID extension allows the reliable association of DTLS records to DTLS connections across changes in the underlying transport (changed IP and Port metadata) by adding explicit connection identifiers (CIDs) to the headers of encrypted DTLS records. The desired CIDs are configured by the application layer and are exchanged in new ClientHello / ServerHello extensions during the handshake, where each side indicates the CID it wants the peer to use when writing encrypted messages. The CIDs are put to use once records get encrypted: the stack discards any incoming records that don't include the configured CID in their header, and adds the peer's requested CID to the headers of outgoing messages.

The draft (or legacy) version is supported since mbedtls 2.18.0. However the "final" RFC 9146 version is only supported from mbedtls version 3.3.0 onward. Unfortunately, the draft version is not compatible with the final version.

As python-mbedtls is currently based on the 2.x version of mbedtls, I understand python-mbedtls needs to be ported to the 3.x version first. According to issue #46 from July 2021 moving to the 3.x version was in the planning for the future; maybe this could be a reason to make the future happen?

I am interested in helping to add CID support to python-mbedtls, but moving the project to version 3.x of mbedtls will be too much for me.

Current behavior

DTLS CID is not supported

Expected behavior

DTLS CID is supported
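The following is a worked example of the record-layer mechanism that the quoted ssl.h comment describes, added to this page and not taken from python-mbedtls or Mbed TLS. It encodes the connection_id hello extension, frames a DTLS 1.2 record with the outer content type tls12_cid and the peer's CID in the header, and applies the receive-side rule of dropping records that do not carry the locally configured CID, so that records from a changed IP/port still map to the same connection. The code points are from the two documents (extension type 54 in RFC 9146, the pre-RFC draft-05 used 254; the two also differ in the additional data fed to the AEAD, which this example does not model). The CID values, transport addresses and the XOR stand-in for record protection are constructed for the example.

```python
"""Added example (not python-mbedtls or Mbed TLS code): RFC 9146 DTLS 1.2
Connection ID wire format plus the receiver's CID filtering rule."""
import struct

TLS12_CID = 25                 # outer ContentType of CID-bearing records (RFC 9146)
EXT_CONNECTION_ID = 54         # connection_id extension type in RFC 9146
EXT_CONNECTION_ID_DRAFT = 254  # value used by draft-ietf-tls-dtls-connection-id-05
DTLS12 = b"\xfe\xfd"           # ProtocolVersion for DTLS 1.2
HANDSHAKE, APPLICATION_DATA = 22, 23


def encode_cid_extension(cid: bytes, ext_type: int = EXT_CONNECTION_ID) -> bytes:
    """connection_id extension: type(2) | length(2) | opaque cid<0..2^8-1>.
    The CID sent here is the one we want the PEER to write into records."""
    if len(cid) > 255:
        raise ValueError("CID longer than 255 bytes")
    body = bytes([len(cid)]) + cid
    return struct.pack("!HH", ext_type, len(body)) + body


def decode_cid_extension(blob: bytes, ext_type: int = EXT_CONNECTION_ID) -> bytes:
    """Return the CID the peer asked us to write; a draft-05 peer (type 254)
    is rejected here, which is one reason the two versions cannot interoperate."""
    etype, elen = struct.unpack("!HH", blob[:4])
    body = blob[4:4 + elen]
    if etype != ext_type:
        raise ValueError(f"unexpected extension type {etype}, want {ext_type}")
    if len(body) != elen or elen < 1 or body[0] != elen - 1:
        raise ValueError("malformed connection_id extension")
    return body[1:]


def _protect(data: bytes) -> bytes:
    """Stand-in for AEAD record protection so the example runs offline.
    NOT encryption: a fixed XOR that is its own inverse."""
    return bytes(b ^ 0x5A for b in data)


def build_cid_record(peer_cid: bytes, epoch: int, seq: int,
                     real_type: int, content: bytes, padding: int = 0) -> bytes:
    """DTLSCiphertext with outer type tls12_cid. The CID sits between the
    48-bit sequence number and the length field and carries no length prefix;
    the real content type travels inside DTLSInnerPlaintext, before the zero padding."""
    inner = content + bytes([real_type]) + b"\x00" * padding   # DTLSInnerPlaintext
    enc = _protect(inner)
    header = (bytes([TLS12_CID]) + DTLS12 + struct.pack("!H", epoch)
              + seq.to_bytes(6, "big") + peer_cid + struct.pack("!H", len(enc)))
    return header + enc


class CidConnection:
    """One DTLS association, identified by the CID we told the peer to use."""

    def __init__(self, own_cid: bytes):
        self.own_cid = own_cid
        self.discarded = 0
        self.seen_from = []      # transport addresses we accepted records from

    def receive(self, datagram: bytes, src_addr):
        """Parse every record in a datagram. Returns (real_type, content) for
        records carrying our CID; records with any other CID are dropped."""
        out, pos, n = [], 0, len(self.own_cid)
        while pos < len(datagram):
            if datagram[pos] != TLS12_CID:
                raise ValueError("after the handshake every protected record carries a CID")
            fixed = 1 + 2 + 2 + 6                       # type, version, epoch, seq
            cid = datagram[pos + fixed: pos + fixed + n]
            (length,) = struct.unpack_from("!H", datagram, pos + fixed + n)
            body_start = pos + fixed + n + 2
            body = datagram[body_start: body_start + length]
            pos = body_start + length
            if len(body) != length:
                raise ValueError("truncated record")
            if cid != self.own_cid:                     # the rule from the ssl.h comment
                self.discarded += 1
                continue
            inner = _protect(body)
            stripped = inner.rstrip(b"\x00")            # remove padding
            if not stripped:
                raise ValueError("no content type byte found after padding")
            out.append((stripped[-1], stripped[:-1]))   # last byte is the real type
            if src_addr not in self.seen_from:
                self.seen_from.append(src_addr)
        return out


def demo():
    # Constructed values: the server asked the client to write CID c1d0.
    server_cid = bytes.fromhex("c1d0")
    assert decode_cid_extension(encode_cid_extension(server_cid)) == server_cid
    try:
        decode_cid_extension(encode_cid_extension(server_cid, EXT_CONNECTION_ID_DRAFT))
        draft_rejected = False
    except ValueError:
        draft_rejected = True
    conn = CidConnection(server_cid)
    good = build_cid_record(server_cid, 1, 1, APPLICATION_DATA, b"hello", padding=3)
    wrong = build_cid_record(bytes.fromhex("ffff"), 1, 2, APPLICATION_DATA, b"spoof")
    got = conn.receive(good + wrong, ("192.0.2.10", 5000))
    # Client address changed (NAT rebinding); the CID still selects the connection.
    got += conn.receive(build_cid_record(server_cid, 1, 3, APPLICATION_DATA, b"moved"),
                        ("198.51.100.7", 61001))
    return got, conn.discarded, conn.seen_from, draft_rejected


if __name__ == "__main__":
    print(demo())
```

Note that the receiver learns the CID length from its own configuration, not from the wire: the record header has no CID length field, which is why the stack must already have negotiated the CID before it can parse CID-bearing records.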
