MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE macro
MBEDTLS_SSL_DTLS_SRTP

Enable support for negotiation of DTLS-SRTP (RFC 5764) through the use_srtp extension.

Setting this option enables the runtime API mbedtls_ssl_conf_dtls_srtp_protection_profiles() through which the supported DTLS-SRTP protection profiles can be configured. You must call this API at runtime if you wish to negotiate the use of DTLS-SRTP.

Requires: MBEDTLS_SSL_PROTO_DTLS

Uncomment this to enable support for use_srtp extension.

MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE

Enable server-side support for clients that reconnect from the same port.

Some clients unexpectedly close the connection and try to reconnect using the same source port. This needs special support from the server to handle the new connection securely, as described in section 4.2.8 of RFC 6347. This flag enables that support.

Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY

Comment this to disable support for clients reusing the source port.
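The server-side decision that section 4.2.8 of RFC 6347 calls for, and the reason this option depends on MBEDTLS_SSL_DTLS_HELLO_VERIFY, sketched as an added example (this is not Mbed TLS code). The types assoc_t and record_t, the action names and on_record() are hypothetical, and cookie verification is assumed to happen elsewhere and is passed in as a flag.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of one server-side DTLS association (not an Mbed TLS type). */
typedef struct {
    bool     established;   /* handshake finished, application data flowing */
    uint16_t epoch;         /* current record epoch, >= 1 once established */
} assoc_t;

/* Summary of one datagram from the address/port this association is bound to. */
typedef struct {
    uint16_t epoch;            /* epoch field of the record header */
    bool     is_client_hello;
    bool     cookie_valid;     /* cookie verified against the source address */
} record_t;

typedef enum {
    ACT_PROCESS_NORMALLY,      /* not a reconnect attempt */
    ACT_SEND_HELLO_VERIFY,     /* answer with a cookie, keep the association */
    ACT_RESET_AND_HANDSHAKE    /* reachability proven, start a new handshake */
} action_t;

action_t on_record(assoc_t *a, const record_t *r)
{
    /* Only an epoch-0 ClientHello on a live association is a reconnect attempt. */
    if (!a->established || r->epoch != 0 || !r->is_client_hello)
        return ACT_PROCESS_NORMALLY;

    /* Without a valid cookie the source address may be forged, so the
     * existing association must not be destroyed. */
    if (!r->cookie_valid)
        return ACT_SEND_HELLO_VERIFY;

    /* The cookie round trip shows the sender receives traffic at this address. */
    a->established = false;
    a->epoch = 0;
    return ACT_RESET_AND_HANDSHAKE;
}

int main(void)
{
    assoc_t  live    = { true, 1 };
    record_t forged  = { 0, true, false };  /* constructed: no valid cookie */
    record_t genuine = { 0, true, true };   /* constructed: cookie echoed back */
    printf("forged:  %d\n", (int) on_record(&live, &forged));
    printf("genuine: %d\n", (int) on_record(&live, &genuine));
    return 0;
}
```

In Mbed TLS itself the server application sees the reset case as the return value MBEDTLS_ERR_SSL_CLIENT_RECONNECT from mbedtls_ssl_read(), after which it calls mbedtls_ssl_handshake() again on the same context.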
Syntax
#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
Notes
The MBEDTLS_SSL_DTLS_SRTP feature provides the minimum functionality required to negotiate the use of DTLS-SRTP and to allow the derivation of the associated SRTP packet protection key material. In particular, the SRTP packet protection itself, as well as the demultiplexing of RTP and DTLS packets at the datagram layer (see Section 5 of RFC 5764), are not handled by this feature. Instead, after successful completion of a handshake negotiating the use of DTLS-SRTP, the extended key exporter API mbedtls_ssl_conf_export_keys_cb() should be used to implement the key exporter described in Section 4.2 of RFC 5764 and RFC 5705 (this is implemented in the SSL example programs). The resulting key should then be passed to an SRTP stack.