DTLS 1.3 support

Open JonathanLennox opened this issue 2 years ago • 4 comments

BouncyCastle should support DTLS 1.3.

It's not imminently needed, but since (D)TLS 1.2 doesn't seem likely to get any post-quantum KEMs, DTLS 1.3 will be needed to protect DTLS traffic (and things derived from it, like WebRTC traffic) from harvest-now-decrypt-later attacks.

Aug 07 '23 18:08 JonathanLennox

If I try to use DTLS 1.3, I get the following exception:

org.bouncycastle.tls.TlsFatalAlert: internal_error(80)
	at org.bouncycastle.tls.DTLSClientProtocol.generateClientHello(DTLSClientProtocol.java:406)
	at org.bouncycastle.tls.DTLSClientProtocol.clientHandshake(DTLSClientProtocol.java:91)
	at org.bouncycastle.tls.DTLSClientProtocol.connect(DTLSClientProtocol.java:52)

Any progress on it?

Dec 07 '23 15:12 Horcrux7

Hello, do you have any update on supporting DTLS 1.3?

Thanks.

Jan 25 '24 16:01 Frosne