Description
We tried to "mimic" a browser for some kind of (unit) test by using DtlsControlImpl in PASSIVE mode
DtlsControlImpl dtlsControl = new DtlsControlImpl();
dtlsControl.registerUser(...);
dtlsControl.setSetup(DtlsControl.Setup.PASSIVE);
dtlsControl.start(MediaType.AUDIO);
This seems not to work.
Current behavior
We receive the following exception on the "PASSIVE" (/ hence server) side
Failed to accept a connection from a DTLS client! Received fatal alert 70.
org.bouncycastle.tls.TlsFatalAlert: protocol_version(70)
at org.bouncycastle.tls.AbstractTlsServer.getServerVersion(Unknown Source)
at org.bouncycastle.tls.DTLSServerProtocol.generateServerHello(Unknown Source)
at org.bouncycastle.tls.DTLSServerProtocol.serverHandshake(Unknown Source)
at org.bouncycastle.tls.DTLSServerProtocol.accept(Unknown Source)
at org.bouncycastle.tls.DTLSServerProtocol.accept(Unknown Source)
at org.jitsi.impl.neomedia.transform.dtls.DtlsPacketTransformer.runInConnectThread(DtlsPacketTransformer.java:987)
at org.jitsi.impl.neomedia.transform.dtls.DtlsPacketTransformer$1.run(DtlsPacketTransformer.java:1196)
Expected Behavior
By investigating with wireshark the client (also libjitsi) is announcing "DTLS 1.2" in the client_hello
But the TlsServerImpl is not overridng getSupportedVersions()
So the bouncycastle default of AbstractTlsPeer is effectivly used which returns "TLS 1.2, TLS 1.3" (which does not match DTLS at all).
I guess such capability is not working since the refactoring for DTLS 1.2
daabbbf#diff-30f47ad6700b3852583ec377401c7d040b0df6ecb2ed5e38ccb90f076373f48a
See the removal of previous overriden methods for getMinimumVersion() and getMaximumVersion() where explicitly "DTLS 1.0" was returned.
Possible Solution
We locally changed TlsServerImpl to override getSupportedVersions() and return "DTLS 1.2" only (getMinimumVersion() and getMaximumVersion() seem not to exisit in bouncycastle anymore)
That alone was not enough. We changed some more aspects regarding getRSASignerCredentials() and getCertificateRequest()
With the changes mentioned above our "test-setup" works: One side DtlsControlImpl in PASSIVE mode the other side (the actual code under test) with DtlsControlImpl in ACTIVE mode.
I can create a pull-request if desired (or provide a patch) but I'm not 100% sure of the implications of the changes we did to TlsServerImpl.
Description
We tried to "mimic" a browser for some kind of (unit) test by using DtlsControlImpl in
PASSIVEmodeThis seems not to work.
Current behavior
We receive the following exception on the "PASSIVE" (/ hence server) side
Expected Behavior
By investigating with wireshark the client (also libjitsi) is announcing "DTLS 1.2" in the
client_helloBut the
TlsServerImplis not overridnggetSupportedVersions()So the bouncycastle default of AbstractTlsPeer is effectivly used which returns "TLS 1.2, TLS 1.3" (which does not match DTLS at all).
I guess such capability is not working since the refactoring for DTLS 1.2
daabbbf#diff-30f47ad6700b3852583ec377401c7d040b0df6ecb2ed5e38ccb90f076373f48a
See the removal of previous overriden methods for
getMinimumVersion()andgetMaximumVersion()where explicitly "DTLS 1.0" was returned.Possible Solution
We locally changed
TlsServerImplto overridegetSupportedVersions()and return "DTLS 1.2" only (getMinimumVersion()andgetMaximumVersion()seem not to exisit in bouncycastle anymore)That alone was not enough. We changed some more aspects regarding
getRSASignerCredentials()andgetCertificateRequest()With the changes mentioned above our "test-setup" works: One side DtlsControlImpl in PASSIVE mode the other side (the actual code under test) with DtlsControlImpl in ACTIVE mode.
I can create a pull-request if desired (or provide a patch) but I'm not 100% sure of the implications of the changes we did to TlsServerImpl.