Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DTLS cookies are disabled - Vulnerable to amplification attacks #1

Open
NZSmartie opened this issue Jan 28, 2017 · 0 comments
Open

DTLS cookies are disabled - Vulnerable to amplification attacks #1

NZSmartie opened this issue Jan 28, 2017 · 0 comments
Assignees
@NZSmartie
Labels
Security

Comments

@NZSmartie
Copy link
Owner

mbedTLS is a stateless TLS library, which requires TLS sessions to be restarted if a client's cookie is invalid (or missing) before Hello Verification can succeed. The default cookie callback functions are not intended to work right out of the box for security reasons.
But I'm lazy and have concluded that since these devices will initially be running on a network with no access to the internet, the risk is low.

Please read mbed's DTLS Tutorial for more information, especially the heading MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED
@NZSmartie NZSmartie self-assigned this Jan 28, 2017
@NZSmartie NZSmartie changed the title DTLS Cookie's are disabled - Vulnerable to amplification attacks DTLS cookies are disabled - Vulnerable to amplification attacks Jan 28, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@NZSmartie NZSmartie

Labels
Security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@NZSmartie