179
179
transport functions with functions that emulate the operation
180
180
of @code{recvfrom} and @code{sendto}. In addition
181
181
@acronym{DTLS} requires timers during the receive of a handshake
182
message. This requires the following function to be used.
182
message. This requires the @funcref{gnutls_transport_set_pull_timeout_function} function to be used.
184
184
@showfuncdesc{gnutls_transport_set_pull_timeout_function}
196
196
of the peer's identity. When certificates are in use,
197
197
this can be done, either after the handshake is complete, or during
198
198
the handshake if @funcref{gnutls_certificate_set_verify_function}
199
has been used. In both cases the following function can be
199
has been used. In both cases the @funcref{gnutls_certificate_verify_peers2} function can be
200
200
used to verify the peer's certificate (see @ref{Certificate authentication}
201
201
for more information).
207
207
Once the handshake is complete and peer's identity
208
208
has been verified data can be exchanged. The available
209
209
functions resemble the POSIX @code{recv} and @code{send}
210
functions. It is suggested to use @funcref{gnutls_error_is_fatal}
211
to check whether the error codes returned by these functions are
212
fatal for the protocol or can be ignored.
212
214
@showfuncdesc{gnutls_record_send}
214
216
@showfuncdesc{gnutls_record_recv}
218
@showfuncdesc{gnutls_error_is_fatal}
216
220
In DTLS it is adviceable to use the extended receive
217
221
function shown below, because it allows the extraction
218
222
of the sequence number. This is required in DTLS because
231
235
session. That way the peer is notified securely about the
232
236
intention of termination, which allows distinguishing it
233
237
from a malicious connection termination.
238
A session can be deinitialized with the @funcref{gnutls_deinit} function.
235
240
@showfuncdesc{gnutls_bye}
237
A session can be deinitialized using the following function.
239
241
@showfuncdesc{gnutls_deinit}
241
243
@subsection Asynchronous operation
275
277
to generate a secret key that is used to sign a cookie@footnote{A key of 128 bits or 16 bytes should be sufficient for this purpose.}.
276
278
That cookie is sent to the client using @funcref{gnutls_dtls_cookie_send}, and
277
279
the client must reply using the correct cookie. The server side
278
should verify the initial message sent by client using @funcref{gnutls_dtls_cookie_verify},
279
if successful associate a session with the cookie using @funcref{gnutls_dtls_prestate_set}
280
and proceed to a proper handshake.
282
@showfuncdesc{gnutls_key_generate}
284
@showfuncdesc{gnutls_dtls_cookie_send}
286
@showfuncdesc{gnutls_dtls_cookie_verify}
288
@showfuncdesc{gnutls_dtls_prestate_set}
280
should verify the initial message sent by client using @funcref{gnutls_dtls_cookie_verify}.
281
If successful a the session should be initialization and associated with
282
the cookie using @funcref{gnutls_dtls_prestate_set}.
284
@showfuncD{gnutls_key_generate,gnutls_dtls_cookie_send,gnutls_dtls_cookie_verify,gnutls_dtls_prestate_set}
291
286
Note that the above apply to server side only and they are not mandatory to be
292
287
used. Not using them, however, allows denial of service attacks.
295
290
Datagrams are typically restricted by a maximum transfer unit (MTU). For that
296
291
both client and server side should set the correct maximum transfer unit for
297
the layer underneath @acronym{GnuTLS}. This would allow proper fragmentation
292
the layer underneath @acronym{GnuTLS}. This will allow proper fragmentation
298
293
of DTLS messages and prevent messages from being silently discarded by the
299
294
transport layer. The ``correct'' maximum transfer unit can be obtained through
300
295
a path MTU discovery mechanism @xcite{RFC4821}.
302
@showfuncdesc{gnutls_dtls_set_mtu}
304
@showfuncdesc{gnutls_dtls_get_mtu}
305
@showfuncdesc{gnutls_dtls_get_data_mtu}
297
@showfuncC{gnutls_dtls_set_mtu,gnutls_dtls_get_mtu,gnutls_dtls_get_data_mtu}
307
299
@node Priority Strings
308
300
@section Priority strings
310
In order to specify cipher suite preferences on client or server side, the
311
previously mentioned priority functions accept a string
312
that specifies the enabled for the handshake algorithms.
313
That string may contain some high level keyword such as
314
the keywords in @ref{tab:prio-keywords}
315
or it might contain special keywords, to be explained
302
In order to specify cipher suite preferences on a TLS session
303
there are priority functions that accept a string
304
specifying the enabled for the handshake algorithms.
305
That string may contain a high level keyword such as
306
in @ref{tab:prio-keywords} or combination of a high level
307
keyword, additional algorithm keywords and special keywords.
318
309
@showfuncD{gnutls_priority_set_direct,gnutls_priority_init,gnutls_priority_deinit,gnutls_priority_set}
362
353
Unless the first keyword is "NONE" the defaults (in preference
363
354
order) are for TLS protocols TLS 1.2, TLS1.1, TLS1.0, SSL3.0; for
364
compression NULL; for certificate types X.509, OpenPGP.
365
For key exchange algorithms when in NORMAL or SECURE levels the
355
compression NULL; for certificate types X.509.
356
In key exchange algorithms when in NORMAL or SECURE levels the
366
357
perfect forward secrecy algorithms take precedence of the other
367
358
protocols. In all cases all the supported key exchange algorithms
368
359
are enabled (except for the RSA-EXPORT which is only enabled in
371
The NONE keyword must followed by the algorithms to be enabled,
361
The NONE keyword, if used, must followed by the algorithms to be enabled,
372
362
and is used to provide the exact list of requested algorithms@footnote{To avoid collisions in order to specify a compression algorithm in
373
363
this string you have to prefix it with "COMP-", protocol versions
374
364
with "VERS-", signature algorithms with "SIGN-" and certificate types with "CTYPE-". All other
421
411
CURVE-SECP224R1, CURVE-SECP256R1, CURVE-SECP384R1, CURVE-SECP521R1. Catch all is CURVE-ALL.
424
@caption{The supported priority strings.}
414
@caption{The supported algorithm keywords in priority strings.}
438
428
@item %NO_EXTENSIONS @tab
439
429
will prevent the sending of any TLS extensions in client side. Note
440
that TLS 1.2 requires extensions to be used, thus this option must
430
that TLS 1.2 requires extensions to be used, as well as safe
431
renegotiation thus this option must be used with care.
443
433
@item %DISABLE_SAFE_RENEGOTIATION @tab
444
434
will disable safe renegotiation
654
644
@node Echo Server with OpenPGP authentication
655
645
@subsection Echo server with @acronym{OpenPGP} authentication
656
@cindex @acronym{OpenPGP} server
646
@cindex OpenPGP server
658
648
The following example is an echo server which supports
659
649
@acronym{OpenPGP} key authentication. You can easily combine
902
892
@cindex random numbers
904
894
Access to the random number generator is provided using the @funcref{gnutls_rnd}
895
function. It allows obtaining random data of various levels.
897
@showenumdesc{gnutls_rnd_level_t,The random number levels.}
907
898
@showfuncdesc{gnutls_rnd}