When using DTLS with UDP sockets on OpenSSL, how do you properly handle the connection and SSL session?
Question
With TCP it is pretty easy because it is connection-based, and once a connection is established you can set up the SSL object associated with that connection once and stream data... UDP however is connection-less, so does this mean I have to set up a new SSL object for each UDP packet I get from a client? Is there a way I could use the same SSL object for subsequent reads from the socket as long as I'm talking to the same client?
Answer
Even with UDP you can still "bind" and "connect" a socket. If you are using OpenSSL then use DTLSv1_listen() to await a connection from a new client. When one arrives, create a new socket which is connected to the client's address/port and use a new SSL object for that socket. All subsequent DTLS packets to/from that client can use the same SSL object.
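The following is an added example, not code from the question or the answer above. It shows the socket-level half of the answer on plain Linux UDP sockets, with no OpenSSL dependency so it runs stand-alone: a listener socket stands in for the one DTLSv1_listen() reads from, and make_peer_socket() performs the "new socket bound to the same local address and connected to the client" step. The demo_handoff() walk-through, the two constructed loopback clients and the function names are all this example's own assumptions. The kernel behaviour it relies on (a connected UDP socket is a more specific match than an unconnected one bound to the same address, and two UDP sockets with SO_REUSEADDR may share that address) is Linux behaviour; other systems may differ.

```c
/* Added example (not from the post): the per-client connected-UDP-socket
 * pattern the answer describes, on plain Linux sockets so it runs without
 * OpenSSL. Comments mark where DTLSv1_listen() and the new SSL object go. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a UDP socket to `local` and report the address actually bound (the
 * port may be ephemeral). `reuse` sets SO_REUSEADDR, which the listener and
 * its per-client children need in order to share one local port. */
static int udp_bind(const struct sockaddr_in *local, int reuse, struct sockaddr_in *bound)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    int on = 1;
    socklen_t len = sizeof *bound;
    if (fd < 0)
        return -1;
    if ((reuse && setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on) < 0) ||
        bind(fd, (const struct sockaddr *)local, sizeof *local) < 0 ||
        getsockname(fd, (struct sockaddr *)bound, &len) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* The hand-off step from the answer: once the listener knows a new client's
 * address (the address DTLSv1_listen() hands back), open a second socket bound
 * to the same local address and connected to that client. The kernel routes
 * the client's later datagrams to this socket, the more specific match, while
 * unknown clients keep arriving on the listener. */
int make_peer_socket(const struct sockaddr_in *local, const struct sockaddr_in *peer)
{
    struct sockaddr_in bound;
    int fd = udp_bind(local, 1, &bound);
    if (fd < 0)
        return -1;
    if (connect(fd, (const struct sockaddr *)peer, sizeof *peer) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Receive one datagram: returns bytes read, 0 on timeout, -1 on error. */
static ssize_t recv_timeout(int fd, char *buf, size_t cap, struct sockaddr_in *from, int ms)
{
    struct pollfd p = { .fd = fd, .events = POLLIN };
    socklen_t flen = sizeof *from;
    int r = poll(&p, 1, ms);
    if (r <= 0)
        return r;
    return recvfrom(fd, buf, cap, 0, (struct sockaddr *)from, &flen);
}

/* Walk the hand-off over loopback with two constructed clients. Returns 0 on
 * success, or minus the number of the check that failed. */
int demo_handoff(void)
{
    struct sockaddr_in lo = { .sin_family = AF_INET }, srv, c1, c2, from;
    char buf[64];
    lo.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* 127.0.0.1, port 0 = ephemeral */
    int lfd = udp_bind(&lo, 1, &srv);              /* the socket DTLSv1_listen() would read */
    int c1fd = udp_bind(&lo, 0, &c1), c2fd = udp_bind(&lo, 0, &c2);
    if (lfd < 0 || c1fd < 0 || c2fd < 0)
        return -1;

    /* 1. client 1's first datagram lands on the listener and reveals its address */
    (void)sendto(c1fd, "hello", 5, 0, (struct sockaddr *)&srv, sizeof srv);
    if (recv_timeout(lfd, buf, sizeof buf, &from, 1000) != 5)
        return -2;

    /* 2. hand client 1 to a connected socket: this is the fd a new SSL object would wrap */
    int pfd = make_peer_socket(&srv, &from);
    if (pfd < 0)
        return -3;

    /* 3. client 1's next datagram reaches the connected socket, not the listener */
    (void)sendto(c1fd, "again", 5, 0, (struct sockaddr *)&srv, sizeof srv);
    if (recv_timeout(pfd, buf, sizeof buf, &from, 1000) != 5 || memcmp(buf, "again", 5) != 0)
        return -4;
    if (recv_timeout(lfd, buf, sizeof buf, &from, 100) != 0)
        return -5;

    /* 4. a different client still lands on the listener and never on client 1's socket */
    (void)sendto(c2fd, "new", 3, 0, (struct sockaddr *)&srv, sizeof srv);
    if (recv_timeout(lfd, buf, sizeof buf, &from, 1000) != 3)
        return -6;
    if (recv_timeout(pfd, buf, sizeof buf, &from, 100) != 0)
        return -7;

    close(pfd); close(lfd); close(c1fd); close(c2fd);
    return 0;
}

int main(void)
{
    int rc = demo_handoff();
    if (rc == 0)
        printf("hand-off ok: client 1 is now served by its own connected socket\n");
    else
        printf("hand-off failed at check %d\n", -rc);
    return rc != 0;
}
```

In the real server the listener fd is the one you wrap in a datagram BIO for DTLSv1_listen(), which needs cookie callbacks installed with SSL_CTX_set_cookie_generate_cb() and SSL_CTX_set_cookie_verify_cb(). Only when it returns 1, meaning the client echoed the HelloVerifyRequest cookie and so really owns that source address, call make_peer_socket() with the address it returned, wrap the new fd in its own BIO_new_dgram(), record the peer with BIO_ctrl(bio, BIO_CTRL_DGRAM_SET_CONNECTED, 0, &peer), attach it to a fresh SSL with SSL_set_bio(), and finish the handshake with SSL_accept(). Creating the socket and SSL object only after the cookie check is what keeps a flood of ClientHellos with forged source addresses from exhausting server state.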