DTLS implementation using light weight API #2129
Hi, I'm working on a project that's currently using the native Java implementation of DTLS. In it, we receive traffic on a well-known port, but connect and transmit from a different port. We're now re-implementing with BC because we need to be FIPS compliant. The issue I'm having is the UDPTransport requires the socket to be connected to the client. Is there a way other than having to redirect the clients to another port from the well-known port before starting the DTLS handshake?
Replies: 1 comment
`UDPTransport` is really just an example implementation for `DatagramTransport`, which you should probably implement in some other way suitable to your needs. Unfortunately our API does not include pre-built servers, or have good async support in general (which has been requested elsewhere) which makes some scenarios overly complicated to implement.

Possibly the `DTLSVerifier` class and its (non-connecting) `verifyRequest` method will be of help in the "port switcheroo" that you are trying to accomplish.

Note that we have support for connection ID, but it requires you to handle the actual network traffic and binding the IDs to the objects implementing the handshake/application_data, in conjunction with specialized …
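The reply's suggestion to implement `DatagramTransport` yourself instead of using `UDPTransport`, as an added example (not code from this discussion or from Bouncy Castle): one transport per client, fed from a shared listener and sending through an unconnected socket. The class name `PerPeerDatagramTransport`, the `deliver` method, the queue depth of 64, the 28-byte header overhead and the listener thread that reads the well-known port are assumptions.

```java
import java.io.IOException;
import java.io.InterruptedIOException;
import java.net.DatagramPacket;
import java.net.DatagramSocket;
import java.net.SocketAddress;
import java.util.Arrays;
import java.util.concurrent.BlockingQueue;
import java.util.concurrent.LinkedBlockingQueue;
import java.util.concurrent.TimeUnit;
import org.bouncycastle.tls.DatagramTransport;

// Hypothetical per-client transport: no socket is ever connect()ed to the peer.
public class PerPeerDatagramTransport implements DatagramTransport {
    private final DatagramSocket sendSocket; // unconnected, bound to the port replies leave from
    private final SocketAddress peer;        // the one client this transport serves
    private final int limit;                 // MTU minus IPv4 (20) + UDP (8) headers, assumed
    // Bounded queue: a flood aimed at one peer is dropped instead of exhausting memory.
    private final BlockingQueue<byte[]> inbound = new LinkedBlockingQueue<>(64);

    public PerPeerDatagramTransport(DatagramSocket sendSocket, SocketAddress peer, int mtu) {
        this.sendSocket = sendSocket; this.peer = peer; this.limit = mtu - 28;
    }

    // Called by the listener on the well-known port; rejects datagrams from any other source.
    public boolean deliver(DatagramPacket p) {
        if (!peer.equals(p.getSocketAddress())) return false;
        int off = p.getOffset();
        return inbound.offer(Arrays.copyOfRange(p.getData(), off, off + p.getLength()));
    }

    @Override public int getReceiveLimit() { return limit; }
    @Override public int getSendLimit() { return limit; }

    @Override public int receive(byte[] buf, int off, int len, int waitMillis) throws IOException {
        try {
            byte[] d = inbound.poll(waitMillis, TimeUnit.MILLISECONDS);
            if (d == null) return -1;        // nothing arrived within waitMillis
            int n = Math.min(len, d.length); // never write past the caller's buffer
            System.arraycopy(d, 0, buf, off, n);
            return n;
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new InterruptedIOException("interrupted while waiting for a datagram");
        }
    }

    @Override public void send(byte[] buf, int off, int len) throws IOException {
        if (len > limit) throw new IOException("datagram exceeds send limit");
        sendSocket.send(new DatagramPacket(buf, off, len, peer)); // explicit destination per packet
    }

    @Override public void close() { inbound.clear(); } // shared sockets stay open for other peers
}
```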