krekeltronics / node-mbed-dtls
This project forked from therudo/node-mbed-dtls
node DTLS server wrapping mbedtls
License: Apache License 2.0
Ensure that SSL cookie contexts are properly handled and memory is freed.
When a server and client negotiate a cipher-suite, they will try to agree on the strongest cipher possible.
Expose an optional callback to node-js that will report the actual cipher used for the connection.
This can be integrated into the SSL cookie callback defined in #1.
Refer to the section "Server-side only: Cookies for client verification" in this document: https://tls.mbed.org/kb/how-to/dtls-tutorial.
We need the two callbacks mentioned there, mbedtls_ssl_cookie_write_t and mbedtls_ssl_cookie_check_t, to be optionally exposed to node.js so that our server backend can handle them.
Make registering these optional, so that if the user decides not to use them the current use of the default handlers is preserved.
Write an example server and client that show how to test and use these callbacks by persisting a connection cookie across multiple client connects, and add the example to the example/test directory.
When the DTLS connection is negotiated, mbedtls will attempt to verify the certificate. Depending on the setting, the connection will be refused when the certificate fails verification, or a warning will be issued and the connection established anyway.
To support these two scenarios we need to:
1. Expose the verification setting to node js. Specifying this setting should be made mandatory in the API (MBEDTLS_SSL_VERIFY_NONE, MBEDTLS_SSL_VERIFY_OPTIONAL and MBEDTLS_SSL_VERIFY_REQUIRED).
2. Expose an optional callback that can be registered from nodejs so that the server is notified whether verification has succeeded when the setting is MBEDTLS_SSL_VERIFY_OPTIONAL.
To verify that the setting works, create test/example programs and associated keys and certificates that demonstrate:
1. Handshake with only keys and MBEDTLS_SSL_VERIFY_NONE.
2. With MBEDTLS_SSL_VERIFY_OPTIONAL:
   a. Handshake with successful verification reported by the callback.
   b. Handshake with failed verification reported by the callback.
3. With MBEDTLS_SSL_VERIFY_REQUIRED:
   a. Successful verification.
   b. Failed verification.
The RFC standards specify a long list of cipher-suites that can be used for DTLS communication.
Expose an optional setting to node-js that can configure which cipher-suites a server will accept. Validate them against the use of PSK and key authentication: if a PSK callback is registered, require at least one PSK-capable ciphersuite to be enabled; if a server key is specified, require at least one key-capable ciphersuite to be enabled.
Create node-js user-friendly defines for the specification of the ciphers. See here for DTLS ciphers: https://tools.ietf.org/html/rfc4492#section-6.
Create examples demonstrating at least:
1. A PSK configuration where
   a. the ciphersuite requirements are ok;
   b. no ciphersuite suitable for PSK is set, resulting in a node error exception.
2. A key configuration where
   a. the ciphersuite requirements are ok;
   b. no ciphersuite suitable for key exchange is selected, resulting in a node error exception.
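The validation rule described above, as an added example that is not node-mbed-dtls code. Suite names are spelled the way mbedtls spells them (the strings mbedtls_ssl_get_ciphersuite_name() returns); the option names `ciphersuites`, `pskCallback` and `serverKey`, the `Ciphersuites` shorthand object and the function names are this example's own assumptions. It goes slightly beyond the two checks in the text: it also classifies RSA-PSK suites as needing both credentials and drops suites whose credentials are absent.

```javascript
'use strict';
// Added example, not node-mbed-dtls code: validating a user-supplied
// ciphersuite list against the credentials the server was configured with.

// User-friendly names for a few mbedtls suite strings (assumed shorthand).
const Ciphersuites = Object.freeze({
  ECDHE_ECDSA_AES128_GCM_SHA256: 'TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256',
  ECDHE_RSA_AES128_GCM_SHA256:   'TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256',
  PSK_AES128_CCM_8:              'TLS-PSK-WITH-AES-128-CCM-8',
  ECDHE_PSK_AES128_CBC_SHA256:   'TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256',
  RSA_PSK_AES128_GCM_SHA256:     'TLS-RSA-PSK-WITH-AES-128-GCM-SHA256',
});

// The key-exchange part of an mbedtls suite name sits between "TLS-" and
// "-WITH-". "PSK" in it means the suite needs a pre-shared key; "RSA" or
// "ECDSA" means it needs the server's private key and certificate. RSA-PSK
// needs both.
function suiteRequirements(name) {
  const m = /^TLS-([A-Z0-9-]+?)-WITH-/.exec(name);
  if (!m) throw new Error('not an mbedtls ciphersuite name: ' + name);
  const kx = m[1];
  return { needsPsk: /PSK/.test(kx), needsKey: /RSA|ECDSA/.test(kx) };
}

// opts: { ciphersuites?: string[], pskCallback?: function, serverKey?: object }
// Returns the suites that can actually be negotiated with the configured
// credentials, or null when the caller did not restrict the list. Throws
// when the configuration could never complete a handshake.
function validateCiphersuites(opts) {
  const list = opts.ciphersuites;
  if (list === undefined) return null; // no restriction: keep the library default list
  if (!Array.isArray(list) || list.length === 0) {
    throw new Error('ciphersuites must be a non-empty array');
  }

  const hasPsk = typeof opts.pskCallback === 'function';
  const hasKey = Boolean(opts.serverKey);
  const reqs = list.map((name) => ({ name, ...suiteRequirements(name) }));

  // The two rules from the issue.
  if (hasPsk && !reqs.some((r) => r.needsPsk)) {
    throw new Error('PSK callback registered but no PSK ciphersuite is enabled');
  }
  if (hasKey && !reqs.some((r) => r.needsKey)) {
    throw new Error('server key configured but no certificate-based ciphersuite is enabled');
  }

  // Suites whose credentials are absent can never be selected; offering them
  // only widens what a client can probe, so they are dropped here.
  const usable = reqs
    .filter((r) => (!r.needsPsk || hasPsk) && (!r.needsKey || hasKey))
    .map((r) => r.name);
  if (usable.length === 0) {
    throw new Error('no enabled ciphersuite matches the configured credentials');
  }
  return usable;
}

module.exports = { Ciphersuites, suiteRequirements, validateCiphersuites };
```

Both error cases the examples above call for (a PSK callback with only certificate suites, a server key with only PSK suites) surface as thrown errors at configuration time rather than as handshakes that silently never succeed.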