public final class HelloVerifyRequest extends HandshakeMessage

The server sends this message in response to a ClientHello message to prevent Denial-of-Service Attacks. See RFC 6347 for the definition.
It seems that this definition is ambiguous about the server version to be used:

The server_version field ... DTLS 1.2 server implementations SHOULD use DTLS version 1.0 regardless of the version of TLS that is expected to be negotiated. ... The server MUST use the same version number in the HelloVerifyRequest that it would use when sending a ServerHello. ...

A DTLS 1.2 server can therefore either send version 1.0 (SHOULD) or version 1.2 (MUST use the same version as the ServerHello). This question is pending on the IETF TLS mailing list, see RFC 6347 - Section 4.2.1 - used version in a HelloVerifyRequest.

There may be many assumptions about the intended behavior. One is to postpone the version negotiation according to RFC 5246 - E.1 - Compatibility with TLS 1.0/1.1 and SSL 3.0 until the endpoint ownership is verified. That prevents sending protocol-version alerts to clients whose address has not yet been verified.

Behavior of other DTLS 1.2 implementations: all clients of these libraries are able to perform a DTLS handshake with both variants, 1.0 and 1.2. Some other clients seem to have trouble with 1.0. If interoperability is required, a client MUST comply with the definition there:

DTLS 1.2 and 1.0 clients MUST use the version solely to indicate packet formatting (which is the same in both DTLS 1.2 and 1.0) and not as part of version negotiation. In particular, DTLS 1.2 clients MUST NOT assume that because the server uses version 1.0 in the HelloVerifyRequest that the server is not DTLS 1.2 or that it will eventually negotiate DTLS 1.0 rather than DTLS 1.2.
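The cookie exchange and the version rule above, as an added example in Python (not Californium code): it serializes and parses the HelloVerifyRequest wire format from RFC 6347 (12-byte DTLS handshake header, server_version, cookie<0..2^8-1>) and applies the client rule that the version field is format-only, so a client keeps offering its own version whether the server wrote 1.0 or 1.2. The names encode, parse and next_client_hello_version and the sample cookie are assumptions of this example.

```python
import struct

HELLO_VERIFY_REQUEST = 3       # HandshakeType value, RFC 6347
DTLS_1_0 = (254, 255)          # ProtocolVersion {254, 255}
DTLS_1_2 = (254, 253)          # ProtocolVersion {254, 253}
HEADER_LEN = 12                # DTLS handshake header: type(1) len(3) seq(2) off(3) fraglen(3)

def encode(version, cookie, message_seq=0):
    """Serialize header + HelloVerifyRequest body: server_version, cookie<0..2^8-1>."""
    if not 0 <= len(cookie) <= 255:
        raise ValueError("cookie must be 0..255 bytes")
    body = bytes(version) + bytes([len(cookie)]) + cookie
    length = len(body).to_bytes(3, "big")
    header = (bytes([HELLO_VERIFY_REQUEST]) + length + struct.pack("!H", message_seq)
              + (0).to_bytes(3, "big") + length)   # unfragmented: offset 0, frag_len = len
    return header + body

def parse(data):
    """Parse an unfragmented HelloVerifyRequest; returns (server_version, cookie, message_seq)."""
    if len(data) < HEADER_LEN:
        raise ValueError("truncated handshake header")
    msg_type, length = data[0], int.from_bytes(data[1:4], "big")
    message_seq = struct.unpack("!H", data[4:6])[0]
    frag_off, frag_len = int.from_bytes(data[6:9], "big"), int.from_bytes(data[9:12], "big")
    if msg_type != HELLO_VERIFY_REQUEST:
        raise ValueError("not a HelloVerifyRequest")
    if frag_off != 0 or frag_len != length:
        raise ValueError("fragmented HelloVerifyRequest not handled here")
    body = data[HEADER_LEN:HEADER_LEN + length]
    if len(body) != length or length < 3 or 3 + body[2] != length:
        raise ValueError("body or cookie length inconsistent")
    return (body[0], body[1]), body[3:], message_seq

def next_client_hello_version(offered_version, hvr_version):
    """RFC 6347 4.2.1: the HelloVerifyRequest version only indicates packet
    formatting, so the client re-offers what it offered before, whether the
    server wrote 1.0 or 1.2 into the HelloVerifyRequest."""
    if hvr_version not in (DTLS_1_0, DTLS_1_2):
        raise ValueError("unknown DTLS version in HelloVerifyRequest")
    return offered_version

if __name__ == "__main__":
    cookie = bytes(range(16))                      # constructed sample cookie
    for server_choice in (DTLS_1_0, DTLS_1_2):     # both server variants discussed above
        version, got, seq = parse(encode(server_choice, cookie))
        assert got == cookie and seq == 0
        print(server_choice, "->", next_client_hello_version(DTLS_1_2, version))
```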
Fields inherited from class HandshakeMessage: FRAGMENT_LENGTH_BITS, FRAGMENT_OFFSET_BITS, MESSAGE_HEADER_LENGTH_BYTES, MESSAGE_LENGTH_BITS, MESSAGE_SEQ_BITS, MESSAGE_TYPE_BITS

| Constructor and Description |
|---|
| HelloVerifyRequest(ProtocolVersion version, byte[] cookie, InetSocketAddress peerAddress) |

| Modifier and Type | Method and Description |
|---|---|
| byte[] | fragmentToByteArray() The serialization of the handshake body (without the handshake header). |
| static HandshakeMessage | fromReader(org.eclipse.californium.elements.util.DatagramReader reader, InetSocketAddress peerAddress) |
| byte[] | getCookie() |
| int | getMessageLength() Must be implemented by each subclass. |
| HandshakeType | getMessageType() Returns the type of the handshake message. |
| ProtocolVersion | getServerVersion() |
| String | toString() |
Methods inherited from class HandshakeMessage: fragmentChanged, fromByteArray, fromGenericHandshakeMessage, getContentType, getFragmentLength, getFragmentOffset, getMessageSeq, getNextHandshakeMessage, getRawMessage, setMessageSeq, setNextHandshakeMessage, size, toByteArray, writeTo

Methods inherited from the superclass of HandshakeMessage: getPeer

public HelloVerifyRequest(ProtocolVersion version, byte[] cookie, InetSocketAddress peerAddress)

public byte[] fragmentToByteArray()
Description copied from class: HandshakeMessage
The serialization of the handshake body (without the handshake header). ... ClientHello, the fragments are considered to be not modified. If a modification is required, call HandshakeMessage.fragmentChanged().
Specified by: fragmentToByteArray in class HandshakeMessage

public static HandshakeMessage fromReader(org.eclipse.californium.elements.util.DatagramReader reader, InetSocketAddress peerAddress)

public HandshakeType getMessageType()
Description copied from class: HandshakeMessage
Returns the type of the handshake message.
Specified by: getMessageType in class HandshakeMessage
Returns: the HandshakeType.

public int getMessageLength()
Description copied from class: HandshakeMessage
Must be implemented by each subclass.
Specified by: getMessageLength in class HandshakeMessage

public ProtocolVersion getServerVersion()

public byte[] getCookie()

public String toString()
Overrides: toString in class HandshakeMessage

Copyright © 2023 Eclipse Foundation. All rights reserved.