dtls – WindowsTechs.com

Penetration testing a VPN client DTLS traffic?

Posted on December 25, 2022 by uvzz

I’m trying to perform a pentest on a VPN server.
I’m trying to find a way to intercept, decrypt and manipulate the DTLS traffic between the VPN client and server – Burp suite style.
In the VPN client, I can enter a server IP address to con… Continue reading Penetration testing a VPN client DTLS traffic?→

Penetration testing a VPN client DTLS traffic? [closed]

Posted on December 25, 2022 by uvzz

With SCTP and SHA-1 the random parameters are exchanged in init and init ack. What is used as HMAC key?

Posted on April 14, 2021 by Jay Johnson

SCTP INIT has client random parameter.
SCTP INIT ACK has server random parameter.

There are no shared keys.
Using SHA-1, what key does the client or server use when performing the HMAC calculation?
Does the sender use their own random pa… Continue reading With SCTP and SHA-1 the random parameters are exchanged in init and init ack. What is used as HMAC key?→

How does one programmatically enable Keep Alive in DTLS? [migrated]

Posted on November 19, 2020 by Shiva

How does one programmatically (by calling an API) enable Keep-Alive in DTLS?
I am using BIO_new_dgram() to connect in OpenSSL 1.1.1 series.

Continue reading How does one programmatically enable Keep Alive in DTLS? [migrated]→

DTLS vs direct use of AES. What are the threats unique for direct use of AES instead of DTLS?

Posted on June 10, 2020 by Vlad Novakovsky

For regular traffic in mesh network (between Internet of Thing devices) customer decided to use one of two options:

DTLS PSK ciphersuite – DTLS based on pre-shared symmetric key
or direct use of AES – customer wants to minimize traffic be… Continue reading DTLS vs direct use of AES. What are the threats unique for direct use of AES instead of DTLS?→

Using Noise Framework KK as alternative to DTLS?

Posted on May 24, 2020 by Pepperized

I am trying to create a secure UDP connection in NET Core. Due to DTLS not being supported and it being quite the headache and existing libraries (DTLS.Net) are limited and inactive. Noise Framework seems good as I can customise it to our … Continue reading Using Noise Framework KK as alternative to DTLS?→

Setting Min TLS version for OpenConnect client

Posted on May 17, 2020 by Kayvan Tehrani

I’m using ‘OpenConnect version v8.05’ on Red Hat Enterprise Linux 8.1 (Ootpa) in order to connect to a server.
The server only accepts SSLv3, TLSv1.0 ciphers and I don’t have access to the server for security update/upgrade.
When I try to … Continue reading Setting Min TLS version for OpenConnect client→

Why is DTLS-SRTP more efficient for RTP/RTCP than just DTLS 1.2?

Posted on January 29, 2020 by asinix

While I understand the differences between DTLS-SRTP and pure DTLS, I cannot find much information on why exactly is DTLS-SRTP really “optimized” over generic DTLS 1.2.

RFC 5764’s Introduction makes an obvious statement but without spec… Continue reading Why is DTLS-SRTP more efficient for RTP/RTCP than just DTLS 1.2?→

How to pentest DTLS-SRTP?

Posted on July 5, 2015 by alsterisk

I’m currently working on a penetration test about DTLS-SRTP strengths and weaknesses. But I’m stuck on an eavesdropping test using Wireshark.

Yes, it’s protected by SRTP, but:

What’s DTLS actually doing/working on the media channel? … Continue reading How to pentest DTLS-SRTP?→

What changed between TLS and DTLS

Posted on January 16, 2013 by tylerl

What did the DTLS (TLS over UDP) authors have to change so that it could run without TCP?

Bonus points:
Do any of the protocol difference affect the way it should be used, both in terms of interface but also best-practices?

Continue reading What changed between TLS and DTLS→