Use TLS over UDP connection
saurav barik
2013-02-21 13:34:02 UTC
Hello,

I am trying to implement TLS security (on the client side) over a UDP
connection. I have a parallel TCP connection (to the same server) over
which TLS is already done and it works fine. In the same session of my
application I am creating a UDP connection to the same server (UDP
socket) and am trying to do a TLS handshake. When I call SSL_connect()
over the UDP connection, it fails with an "SSL_ERROR_SYSCALL" error. When I
check the error with ERR_get_error() I get a value of 0. Can I use
TLS over a UDP connection (I understand DTLS can be used but my project
needs TLS)?

Please share some pointers. Thanks for your time.

Regards,
Saurav
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-***@openssl.org
Automated List Manager ***@openssl.org
Eisenacher, Patrick
2013-02-22 09:03:17 UTC
-----Original Message-----
From: saurav barik
Can I use
TLS over a UDP connection (I understand DTLS can be used but my project
needs TLS)?
No, you can't. You need a reliable transport protocol, i.e. TCP. See RFC 5246. It's right there in the first paragraph of chapter one.


Patrick Eisenacher
Trevor Jordan
2013-02-22 09:08:50 UTC
Post by saurav barik
Hello,
I am trying to implement TLS security (on the client side) over a UDP
connection. I have a parallel TCP connection (to the same server) over
which TLS is already done and it works fine. In the same session of my
application I am creating a UDP connection to the same server (UDP
socket) and am trying to do a TLS handshake. When I call SSL_connect()
over the UDP connection, it fails with an "SSL_ERROR_SYSCALL" error. When I
check the error with ERR_get_error() I get a value of 0. Can I use
TLS over a UDP connection (I understand DTLS can be used but my project
needs TLS)?
Please share some pointers. Thanks for your time.
Regards,
Saurav
You can use DTLS (TLS over UDP). OpenSSL supports it. Have you checked
out sctp.fh-muenster.de ?
Dave Thompson
2013-02-25 03:26:13 UTC
Sent: Friday, 22 February, 2013 00:41
I think this fits better on -users and put that first, but if you
ask both lists please indicate in the message (as I did) because
people don't necessarily read both and see the duplication.
I am trying to implement TLS security (on the client side) over a UDP
connection. I have a parallel TCP connection (to the same server) over
which TLS is already done and it works fine. In the same session of my
application I am creating a UDP connection to the same server (UDP
socket) and am trying to do a TLS handshake. When I call SSL_connect()
over the UDP connection, it fails with an "SSL_ERROR_SYSCALL" error. When I
check the error with ERR_get_error() I get a value of 0. Can I use
If SSL_connect/etc returns -1 and SSL_get_error returns _SYSCALL, then
the error information is in the OS (errno on Unix or WSAGetLastError()
on Windows) instead of, or sometimes (rarely?) in addition to,
ERR_get_error and friends. See man -3ssl SSL_get_error.
TLS over a UDP connection (I understand DTLS can be used but my project
needs TLS)?
There is no such thing as a UDP connection; UDP is connectionless.

I haven't examined socket-BIO's support for UDP (DGRAM) to see if
non-DTLS protocols could successfully call it. Even if it does,
or you substitute a BIO that does, TLS can't work for long over
UDP semantics, which can lose, reorder and duplicate packets.

TLS depends on TCP's reliable in-order transport. DTLS basically
re-implements enough of TCP to make TLS functionality work. If
you don't do either of those, and you develop on two machines on
a single quiet LAN segment, as is common in development environments,
it may appear to work, at least sometimes; if you then deploy to
users on the real internet or even just a large organization
intranet, the chances of it working plummet.


David Woodhouse
2013-02-25 10:54:22 UTC
Post by Dave Thompson
TLS depends on TCP's reliable in-order transport. DTLS basically
re-implements enough of TCP to make TLS functionality work.
That isn't entirely true. Or at least it's misleadingly phrased.

DTLS copes with packet loss and packet re-ordering. If your data are
transported over DTLS you'd best make sure your application is expecting
to cope with packet loss and re-ordering too.

DTLS does its own retries of the handshake messages, and I suppose
strictly speaking that *is* "enough of TCP to make DTLS functionality
work". But you should be careful not to give the impression that DTLS
will magically give you an in-order, guaranteed-delivery data stream.
It won't; it's still a datagram protocol at heart.
--
David Woodhouse Open Source Technology Centre
***@intel.com Intel Corporation
Dave Thompson
2013-02-25 22:00:10 UTC
Sent: Monday, 25 February, 2013 05:54
Post by Dave Thompson
TLS depends on TCP's reliable in-order transport. DTLS basically
re-implements enough of TCP to make TLS functionality work.
That isn't entirely true. Or at least it's misleadingly phrased.
DTLS copes with packet loss and packet re-ordering. If your data are
transported over DTLS you'd best make sure your application
is expecting to cope with packet loss and re-ordering too.
DTLS does its own retries of the handshake messages, and I suppose
strictly speaking that *is* "enough of TCP to make DTLS functionality
work". But you should be careful not to give the impression that DTLS
will magically give you an in-order, guaranteed-delivery data stream.
It won't; it's still a datagram protocol at heart.
You're right; I was thinking mostly of the handshake, and also compressed
too much. What I meant is (more like): DTLS/UDP uses techniques of
sequence-numbering, sequence-checking, and retries similar to TCP
-- and X.25 and SNA and other reliable-ish protocols -- to work
nearly as well as TLS/TCP, for some value of nearly. TLS/UDP, by contrast,
wouldn't have any such capabilities, and would work much worse.

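As an added illustration of the point made in Dave Thompson's two replies (this is not code from the thread or from OpenSSL): a toy TLS record receiver, which counts records implicitly the way RFC 5246 prescribes, beside a toy DTLS receiver, which reads the explicit epoch/sequence number from the RFC 6347 record header and keeps a sliding anti-replay window. Both are fed the same records after a UDP path has lost one, reordered two and duplicated one. The MAC key and message bytes are constructed, and the MAC input is reduced to sequence number plus fragment for brevity.

```python
import hmac, hashlib, struct
KEY = b"constructed-demo-mac-key"  # constructed; a real key comes from the handshake

def record_mac(seq64, payload):
    # TLS 1.2 (RFC 5246 6.2.3.1) and DTLS 1.2 (RFC 6347 4.1.2.1) both MAC a 64-bit
    # sequence number with the fragment; only where that number comes from differs.
    return hmac.new(KEY, struct.pack("!Q", seq64) + payload, hashlib.sha256).digest()

def tls_record(seq, payload):
    # TLS never transmits seq: each side counts records itself, trusting TCP.
    return payload + record_mac(seq, payload)

class TlsReceiver:
    def __init__(self):
        self.expected, self.fatal = 0, False  # implicit counter; fatal after a bad MAC
    def recv(self, rec):
        payload, mac = rec[:-32], rec[-32:]
        # bad_record_mac is a fatal alert: after one failure the session is gone
        ok = not self.fatal and hmac.compare_digest(mac, record_mac(self.expected, payload))
        self.expected, self.fatal = self.expected + 1, not ok
        return ok

def dtls_record(epoch, seq, payload):
    # DTLS header carries epoch (16 bits) + sequence number (48 bits) explicitly.
    hdr = struct.pack("!H", epoch) + struct.pack("!Q", seq)[2:]
    return hdr + payload + record_mac(int.from_bytes(hdr, "big"), payload)

class DtlsReceiver:
    WINDOW = 64  # sliding anti-replay window, RFC 6347 4.1.2.6
    def __init__(self):
        self.top, self.seen = -1, 0  # highest number accepted; bitmap of those below it
    def recv(self, rec):
        hdr, payload, mac = rec[:8], rec[8:-32], rec[-32:]
        n = int.from_bytes(hdr, "big")
        if not hmac.compare_digest(mac, record_mac(n, payload)):
            return False  # corrupted or forged: drop it, the session survives
        back = self.top - n
        if back < 0:  # newer than anything seen: slide the window forward
            self.seen, self.top = ((self.seen << -back) | 1) & ((1 << self.WINDOW) - 1), n
            return True
        if back >= self.WINDOW or (self.seen >> back) & 1:
            return False  # too old, or a replayed duplicate
        self.seen |= 1 << back
        return True

def simulate(order):
    # `order`: sequence numbers as a UDP path delivers records 0..4 sent in order.
    tls, dtls = TlsReceiver(), DtlsReceiver()
    return ([tls.recv(tls_record(s, b"msg%d" % s)) for s in order],
            [dtls.recv(dtls_record(0, s, b"msg%d" % s)) for s in order])
```

With delivery order `[0, 3, 2, 4, 4]` (record 1 lost, 2 and 3 swapped, 4 duplicated) the TLS side accepts only the first record and is then dead, while the DTLS side accepts the four distinct records and rejects only the replayed duplicate.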