Review Request of JDK Enhancement Proposal: DTLS
Florian Weimer
fweimer at redhat.com
Mon Mar 24 08:07:01 UTC 2014
On 03/20/2014 01:31 AM, Matthew Hall wrote:
> Is there an existing method for determining valid PMTU from inside of Java? If
> not then supplying correct segment size to whatever DTLSEngine (or however
> it's named) class would be non-trivial and could require native code.
>
> If there is not such support, then a separate spec would be needed to add that
> support, before it would be possible to get the new DTLS support to work very
> reliably.
I don't think it's wise to rely on PMTU for UDP. It's not going to work
reliably over the Internet. Extensive kernel support only exists on
Linux (and people argue that it's against the RFC). The BSD sockets API
cannot properly report ICMP errors even if the network generates them.

Is this really required for DTLS?
--
Florian Weimer / Red Hat Product Security Team