Review Request of JDK Enhancement Proposal: DTLS

Florian Weimer fweimer at redhat.com
Mon Mar 24 08:07:01 UTC 2014


On 03/20/2014 01:31 AM, Matthew Hall wrote:

> Is there an existing method for determining valid PMTU from inside of Java? If
> not then supplying correct segment size to whatever DTLSEngine (or however
> it's named) class would be non-trivial and could require native code.
>
> If there is not such support, then a separate spec would be needed to add that
> support, before it would be possible to get the new DTLS support to work very
> reliably.

I don't think it's wise to rely on PMTU for UDP.  It's not going to work 
reliably over the Internet.  Extensive kernel support only exists on 
Linux (and people argue that it's against the RFC).  The BSD sockets API 
cannot properly report ICMP errors even if the network generates them.

Is this really required for DTLS?

-- 
Florian Weimer / Red Hat Product Security Team
