Diffstat (limited to 'doc')

-rw-r--r-- | doc/cha-bib.texi      |  5
-rw-r--r-- | doc/cha-gtls-app.texi | 18

2 files changed, 23 insertions, 0 deletions
diff --git a/doc/cha-bib.texi b/doc/cha-bib.texi index 2c8d16916e..69bffa4dc3 100644 --- a/doc/cha-bib.texi +++ b/doc/cha-bib.texi @@ -46,6 +46,11 @@ Tim Dierks and Christopher Allen, "The TLS Protocol Version 1.0", January 1999, Available from @url{http://www.ietf.org/rfc/rfc2246.txt}. +@item @anchor{RFC6083}[RFC6083] +M. Tuexen and R. Seggelmann and E. Rescorla, "Datagram Transport Layer Security (DTLS) for Stream Control Transmission Protocol (SCTP)", +January 2011, Available from +@url{http://www.ietf.org/rfc/rfc6083.txt}. + @item @anchor{RFC4418}[RFC4418] Ted Krovetz, "UMAC: Message Authentication Code using Universal Hashing", March 2006, Available from diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi index 37b00514da..18f8938697 100644 --- a/doc/cha-gtls-app.texi +++ b/doc/cha-gtls-app.texi @@ -794,6 +794,7 @@ remaining until the next retransmission, or better the time until * Asynchronous operation:: * Reducing round-trips:: * DTLS sessions:: +* DTLS and SCTP:: @end menu @node Asynchronous operation 
@@ -914,6 +915,23 @@ a path MTU discovery mechanism @xcite{RFC4821}. @showfuncC{gnutls_dtls_set_mtu,gnutls_dtls_get_mtu,gnutls_dtls_get_data_mtu} +@node DTLS and SCTP +@subsection DTLS and SCTP + +Although DTLS can run under any reliable or unreliable layer, there are +special requirements for SCTP according to @xcite{RFC6083}. We summarize the +most important below, however for a full treatment we refer to @xcite{RFC6083}. + +@itemize +@item The MTU set via @funcref{gnutls_dtls_set_mtu} must be 2^14. +@item Replay detection must be disabled; use the flag @code{GNUTLS_NO_REPLAY_PROTECTION} with @funcref{gnutls_init}. +@item Retransmission of messages must be disabled; use @funcref{gnutls_dtls_set_timeouts} + with a retransmission timeout larger than the total. +@item Handshake, Alert and ChangeCipherSpec messages must be sent over stream 0 with unlimited reliability + and with the ordered delivery feature. +@item During a rehandshake, the caching of messages with unknown epoch is + not handled by GnuTLS; this must be implemented in a special pull function. +@end itemize @node TLS handshake @section TLS handshake |
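Review bot: In the new @anchor{RFC6083} entry in doc/cha-bib.texi, the author list "M. Tuexen and R. Seggelmann and E. Rescorla" uses a repeated "and", while the neighbouring entries in the same hunk separate co-authors with a single "and" (for example "Tim Dierks and Christopher Allen"); suggest "M. Tuexen, R. Seggelmann, and E. Rescorla". Placement is also worth a second look: the entry is inserted between [RFC2246] and [RFC4418], which in the visible context appear in ascending RFC-number order, so if the bibliography is kept sorted, the entry belongs after [RFC4418] rather than before it.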
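Review bot: The first bullet of the new "DTLS and SCTP" subsection, "The MTU set via @funcref{gnutls_dtls_set_mtu} must be 2^14", is ambiguous about whether 2^14 is an exact required value or an upper bound, and in Texinfo the literal "2^14" will render as-is rather than as an exponent; suggest stating the bound explicitly and in bytes, e.g. "must not exceed 16384 (@math{2^{14}}) bytes" if an upper limit is intended, or keeping "must be exactly 16384 bytes" if the value is meant literally. The third bullet, "with a retransmission timeout larger than the total", reads as if a word is missing; "larger than the total timeout" makes clear that both arguments of @funcref{gnutls_dtls_set_timeouts} are being compared. The last bullet says unknown-epoch caching during a rehandshake "must be implemented in a special pull function" without saying what that is; naming it as the application's transport pull callback (the one the application registers with GnuTLS, which I believe is gnutls_transport_set_pull_function, though that call is not shown here) and saying that the callback must hold back such records until the new epoch is active would make the requirement actionable. Finally, since this hunk adds a new @node but no index entry, consider whether the surrounding subsections carry a @cindex line that this one should match.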