How is the progress to support DTLS

Posted by aperfectman 
aperfectman
How is the progress to support DTLS
February 09, 2018 08:50AM
Hello team,

I am looking for a load balancer to support DTLS on UDP and found that
there is experimental DTLS support in specific version 1.13.0 Nginx.
http://nginx.org/patches/dtls/README.txt

Just curious about the progress of releasing the official feature? And is
it being supported in Nginx Plus?

Thanks,
Ted

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,278434,278434#msg-278434

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Maxim Konovalov
Re: How is the progress to support DTLS
February 09, 2018 04:50PM
Hi Ted,

On 09/02/2018 10:44, aperfectman wrote:
> Hello team,
>
> I am looking for a load balancer to support DTLS on UDP and found that
> there is experimental DTLS support in specific version 1.13.0 Nginx.
> http://nginx.org/patches/dtls/README.txt
>
> Just curious about the progress of releasing the official feature? And is
> it being supported in Nginx Plus?
>
Have you tested the patch? Any feedback?

Thanks,

Maxim

--
Maxim Konovalov
aperfectman
Re: How is the progress to support DTLS
February 09, 2018 06:00PM
Hello Maxim,

Yes, I tested it based on the instructions but it didn't work. The error was

"DTLSv1_listen error -1 (SSL: error:1408A0C1:SSL
routines:ssl3_get_client_hello:no shared cipher) while SSL handshaking, udp
client: 127.0.0.1..."

However, with the same key, it worked with goldy
https://developer.ibm.com/code/open/projects/goldy/

So I think my key pair should be good.

Any suggestion?


Thanks,
Ted

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,278434,278460#msg-278460

scoulibaly
Re: How is the progress to support DTLS
February 10, 2018 05:40PM
Ted,

I had a similar issue recently and found out that the NGINX patch for DTLS
doesn't seem to support PSK. Depending on the client cipher negotiation at
handshake time you might or might not encounter "no shared cipher". If you
can, you should force your client to use an "SSL" cipher supported by nginx
(and not a PSK one).

Regards
Sekine

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,278434,278478#msg-278478
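
A diagnostic for the "no shared cipher" case described in the post above, as an added example that is not part of the thread or of the nginx patch: it parses the cipher-suite list out of a DTLS ClientHello datagram and reports whether the client offered only PSK suites. The server suite set, the small suite table and all function names are assumptions, and the sample datagrams are constructed.

```python
import struct

# Constructed subset of the IANA cipher-suite registry, enough for this example.
SUITES = {
    0xC0A8: "TLS_PSK_WITH_AES_128_CCM_8",
    0x00AE: "TLS_PSK_WITH_AES_128_CBC_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
}
# Assumption: what a certificate-only server would accept (not taken from the patch).
SERVER_SUITES = {0xC02F, 0x002F}

def offered_suites(datagram: bytes) -> list:
    """Return the cipher-suite IDs offered in an unfragmented DTLS ClientHello."""
    try:
        ctype, _ver, _epoch, rec_len = struct.unpack_from("!BHH6xH", datagram, 0)
        # 13-byte record header, then 12-byte DTLS handshake header.
        if ctype != 22 or datagram[13] != 1:
            raise ValueError("not a handshake record carrying a ClientHello")
        if int.from_bytes(datagram[19:22], "big") != 0:
            raise ValueError("fragmented ClientHello is not handled here")
        body = datagram[25:13 + rec_len]
        pos = 2 + 32                # client_version + random
        pos += 1 + body[pos]        # session_id
        pos += 1 + body[pos]        # cookie (present only in DTLS)
        n = int.from_bytes(body[pos:pos + 2], "big")
        raw = body[pos + 2:pos + 2 + n]
    except (struct.error, IndexError):
        raise ValueError("truncated datagram") from None
    if n == 0 or n % 2 or len(raw) != n:
        raise ValueError("malformed cipher_suites vector")
    return [int.from_bytes(raw[i:i + 2], "big") for i in range(0, n, 2)]

def diagnose(datagram: bytes, server=SERVER_SUITES) -> dict:
    """Report offered suites, suites shared with the server, and PSK-only offers."""
    offered = offered_suites(datagram)
    name = lambda s: SUITES.get(s, f"0x{s:04X}")
    return {
        "offered": [name(s) for s in offered],
        "shared": [name(s) for s in offered if s in server],
        "psk_only": all("_PSK_" in name(s) for s in offered),
    }

def build_client_hello(suites) -> bytes:
    """Build a minimal constructed ClientHello (zero random, no cookie, no extensions)."""
    cs = b"".join(s.to_bytes(2, "big") for s in suites)
    body = b"\xfe\xfd" + bytes(32) + b"\x00\x00" + len(cs).to_bytes(2, "big") + cs + b"\x01\x00"
    hs = b"\x01" + len(body).to_bytes(3, "big") + bytes(5) + len(body).to_bytes(3, "big") + body
    return b"\x16\xfe\xfd" + bytes(8) + len(hs).to_bytes(2, "big") + hs
```

An empty `shared` list together with `psk_only` set to true matches the situation in the post: the client has to be configured to offer a certificate-based suite.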

scoulibaly
Re: How is the progress to support DTLS
February 10, 2018 05:40PM
Ted,
A patched version of NginxPlus is available on request from Nginx customer
care (based on 1.18.0).
AFAIK the DTLS feature is expected to be deployed in either the next release
or the one after.
Sekine

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,278434,278479#msg-278479

scoulibaly
Re: How is the progress to support DTLS
February 10, 2018 05:40PM
Hi Maxim,

Tested the NginxPlus patch for DTLS. UDP healthchecking doesn't work
(proxy_timeout 1s, proxy_responses:1, my server answers every single request
right away). Reproducible with Californium Scandium demos.
Sekine

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,278434,278480#msg-278480
