Skip to content
  1. Oct 30, 2013
    • Robin Seggelmann's avatar
      DTLS/SCTP Finished Auth Bug · 9fb523ad
      Robin Seggelmann authored
      PR: 2808
      
      With DTLS/SCTP the SCTP extension SCTP-AUTH is used to protect DATA and
      FORWARD-TSN chunks. The key for this extension is derived from the
      master secret and changed with the next ChangeCipherSpec, whenever a new
      key has been negotiated. The following Finished then already uses the
      new key.  Unfortunately, the ChangeCipherSpec and Finished are part of
      the same flight as the ClientKeyExchange, which is necessary for the
      computation of the new secret. Hence, these messages are sent
      immediately following each other, leaving the server very little time to
      compute the new secret and pass it to SCTP before the finished arrives.
      So the Finished is likely to be discarded by SCTP and a retransmission
      becomes necessary. To prevent this issue, the Finished of the client is
      still sent with the old key.
      9fb523ad
  2. Oct 21, 2013
  3. Oct 20, 2013
  4. Oct 15, 2013
  5. Oct 14, 2013
  6. Oct 13, 2013
  7. Oct 12, 2013
  8. Oct 10, 2013
  9. Oct 07, 2013
  10. Oct 05, 2013
  11. Oct 04, 2013
  12. Oct 03, 2013
  13. Oct 01, 2013