OpenSSL DTLS server structure suggestions?

Posted by AeonBear on GameDev.net


Hello. Recently I read an article about securing UDP traffic using DTLS. I'm trying to create a basic server architecture in C++ using OpenSSL, but I have not been able to use DTLS like UDP. Does anyone have any experience working with DTLS?

I have seen an example open a new thread per client. The problem with that structure is coordinating all the read buffers. Using a thread per client seems like a lot of overhead compared to UDP with one single receive thread that gets data from all clients.


I have seen an example open a new thread per client.


Just because the example does it, doesn't mean that you have to do it.
You can still use a single input socket (I presume they do that in the example?) and, as long as you associate contexts for the OpenSSL library with the correct remote source (using some hash table, typically), it can all live in the same thread.
Unfortunately, I haven't used OpenSSL DTLS in anger, and don't remember the exact names of the data structures/functions, so I can't contribute more than that.

Thank you, I took your advice and tried to create a single loop, but I have run into problems. SSL_read is blocking. This blocks new handshakes and reads from other clients.

It seems using blocking threads or asynchronous IO both have their own complexities that I will need to solve. I was hoping someone had already run into these problems and found the path of least resistance. I believe I need to just put in the work and keep trying until I find what works best for my application.


SSL_read is blocking


I looked at the documentation, and it seems SSL_read() isn't a good match for a typical DTLS program.
There appears to be some "use OpenSSL on a memory stream" functions/structs that could probably be used instead.
Another option would be to make the socket non-blocking. Calling SSL_read() would then make it return an error (something like SSL_WANT_READ).
Try this: https://funcptr.net/2012/04/08/openssl-as-a-filter-(or-non-blocking-openssl)/
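The two suggestions in this thread, a single receive loop with a hash table mapping each remote address to its own OpenSSL state, and driving OpenSSL through a memory stream so that a read that has nothing to return reports the WANT_READ condition instead of blocking, fit together in one design. The program below is an added example written for this page, not code from the thread or from any OpenSSL project. It uses Python's `ssl.MemoryBIO`/`ssl.SSLObject`, which is OpenSSL's memory-BIO mode behind a thin wrapper; the same structure in C is `SSL_set_bio()` with a `BIO_s_mem()` pair, `BIO_write()` to push a received datagram in, `SSL_do_handshake()`/`SSL_read()` until `SSL_get_error()` returns `SSL_ERROR_WANT_READ`, and `BIO_read()` to drain what must be sent. Python's ssl module does not expose DTLS, so the handshakes here are TLS; the "wire", the peer addresses and the messages are constructed in-memory test data, and a throwaway self-signed certificate is generated with the `openssl` command-line tool, which the example assumes is installed.

```python
"""One receive loop serving many peers through OpenSSL memory BIOs, with a
per-peer table keyed by remote address. Python's ssl module does not expose
DTLS, so this runs TLS; the structure is what OpenSSL's C API gives a DTLS
server with a BIO_s_mem() pair (SSL_set_bio / BIO_write / SSL_read /
SSL_get_error == SSL_ERROR_WANT_READ / BIO_read)."""
import os
import ssl
import subprocess
import tempfile
from collections import deque

SERVER = ("server", 0)  # constructed address standing in for the one UDP socket


def make_self_signed_cert(directory):
    """Throwaway self-signed cert via the openssl CLI (assumed to be installed)."""
    cert, key = os.path.join(directory, "cert.pem"), os.path.join(directory, "key.pem")
    subprocess.run(
        ["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
         "-subj", "/CN=localhost", "-addext", "subjectAltName=DNS:localhost",
         "-keyout", key, "-out", cert],
        check=True, capture_output=True)
    return cert, key


class PeerSession:
    """Per-peer OpenSSL state driven only through memory BIOs: it never blocks
    on a socket, so any number of these can live in a single thread."""

    def __init__(self, ctx, server_side, server_hostname=None):
        self.incoming = ssl.MemoryBIO()  # ciphertext received from the peer
        self.outgoing = ssl.MemoryBIO()  # ciphertext OpenSSL wants transmitted
        self.tls = ctx.wrap_bio(self.incoming, self.outgoing, server_side=server_side,
                                server_hostname=server_hostname)
        self.handshake_done = False
        self.received = []  # plaintext application messages, in arrival order

    def feed(self, datagram):
        """Give OpenSSL one datagram from the wire and drive it as far as it can
        go without more input (the non-blocking SSL_read pattern)."""
        self.incoming.write(datagram)
        self.pump()

    def pump(self):
        try:
            if not self.handshake_done:
                self.tls.do_handshake()
                self.handshake_done = True
            while True:
                data = self.tls.read(4096)
                if not data:  # peer sent close_notify
                    break
                self.received.append(data)
        except ssl.SSLWantReadError:
            pass  # SSL_ERROR_WANT_READ: nothing more to do until the next datagram

    def flush(self):
        """Drain whatever OpenSSL queued for transmission."""
        return self.outgoing.read()


def run_simulation(n_clients=3):
    """Run n_clients handshakes plus one message each through a single server
    loop over a constructed in-memory wire. Returns (server_sessions, clients)."""
    with tempfile.TemporaryDirectory() as tmp:
        cert, key = make_self_signed_cert(tmp)
        server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        server_ctx.load_cert_chain(cert, key)
        client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        client_ctx.load_verify_locations(cert)  # clients pin the server cert

    wire = deque()  # constructed network: (src, dst, payload) datagrams in flight
    clients = {}
    for i in range(n_clients):
        addr = (f"10.0.0.{i + 1}", 40000 + i)  # constructed peer address
        c = PeerSession(client_ctx, server_side=False, server_hostname="localhost")
        c.pump()  # emits the ClientHello into c.outgoing
        wire.append((addr, SERVER, c.flush()))
        clients[addr] = c

    sessions = {}  # the hash table: remote address -> OpenSSL session state
    greeted = set()
    while wire:  # the single receive loop; datagrams from all peers interleave
        src, dst, payload = wire.popleft()
        if dst == SERVER:
            sess = sessions.get(src)
            if sess is None:  # first datagram from this address: new context
                sess = sessions[src] = PeerSession(server_ctx, server_side=True)
            seen = len(sess.received)
            sess.feed(payload)
            for msg in sess.received[seen:]:
                sess.tls.write(b"ack:" + msg)  # application-level reply
            out = sess.flush()
            if out:
                wire.append((SERVER, src, out))
        else:
            c = clients[dst]
            c.feed(payload)
            if c.handshake_done and dst not in greeted:
                c.tls.write(f"hello from {dst[0]}:{dst[1]}".encode())
                greeted.add(dst)
            out = c.flush()
            if out:
                wire.append((dst, SERVER, out))
    return sessions, clients


if __name__ == "__main__":
    for addr, c in run_simulation()[1].items():
        print(addr, c.received)
```

Every OpenSSL call in the loop returns immediately because the BIOs are memory buffers; the loop, not OpenSSL, owns the socket, so one `recvfrom()` thread can serve every peer and new handshakes are never stuck behind another client's read. Two things change when this is done with real DTLS in C: OpenSSL cannot learn the path MTU from a memory BIO, so set it yourself (`SSL_set_mtu()` with `SSL_OP_NO_QUERY_MTU`), and handshake retransmission is timer-driven, so the loop must poll `DTLSv1_get_timeout()` and call `DTLSv1_handle_timeout()` when it expires. Before the table allocates a session for an unknown source address, run the cookie exchange (`DTLSv1_listen()`), otherwise a burst of spoofed ClientHellos fills the table and turns the server into an amplifier; and evict idle entries, since UDP gives no close event.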
