openssl/openssl

Could OpenSSL send alerts when DTLS is over sctp?

Open

#24,769 建立於 2024年7月1日

在 GitHub 查看
 (2 留言) (1 反應) (0 負責人)C (11,262 fork)batch import
help wantedtriaged: feature

倉庫指標

Star
 (30,157 star)
PR 合併指標
 (30 天內沒有已合併 PR)

描述

As rfc6347#section-4.1.2.7

If DTLS is being carried over a transport that is resistant to 
forgery (e.g., SCTP with SCTP-AUTH), then it is safer to send alerts 
because an attacker will have difficulty forging a datagram that will 
not be rejected by the transport layer.

But in OpenSSL, invalid records is silently discarded in DTLS over udp and sctp-auth,

Could OpenSSL send alerts when DTLS is being carried over a transport that is resistant to forgery (e.g., SCTP with SCTP-AUTH)?

貢獻者指南