[openssl-users] DTLS without sockets (or at least an unconnected socket)

Matt Caswell matt at openssl.org
Tue Apr 14 19:02:34 UTC 2015

On 14/04/15 19:45, Florian Weimer wrote:
> Is it possible to use DTLS with some sort of non-socket BIO?
> Basically, I have datagrams which I know belong to a specific DTLS
> session, and I want to feed them to OpenSSL and get back further
> datagrams to send out in response.  (This is similar to what SSLEngine
> does in OpenJDK, except there it's for plain TLS.)

DTLS currently supports UDP and SCTP for the underlying BIO. In theory
you could implement your own BIO to do whatever you want but it would
have to support the BIO ctrls that DTLS uses - see
crypto/bio/bss_dgram.c (in particular the dgram_ctrl and dgram_sctp_ctrl

> An example of how to establish a DTLS session with multiple peers over an
> unconnected socket would help, too.

To do that you need to use DTLSv1_listen(). I recently wrote a man page
for this function, but it hasn't hit the repo yet. Attached FYI.

You might also want to check this page:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: DTLSv1_listen.pod
Type: application/x-perl
Size: 4030 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150414/3a8231a6/attachment.bin>
