From be4627303ce69b0c06306832429bd624127b520b Mon Sep 17 00:00:00 2001
From: Lee Sanderson
Date: Thu, 22 Apr 2021 20:09:52 +0100
Subject: [PATCH] Fixed potential denial of service attack in DTLS server by implementing handshake timeout (requires upgrade to latest version of bouncy castle)
---
 CoAP.NET/CoAP.Std10.csproj | 1 +
 CoAP.NET/DTLS/DtlsServer.cs | 5 +++++
 CoAP.Test/CoAP.Test.Std10.csproj | 2 +-
 3 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/CoAP.NET/CoAP.Std10.csproj b/CoAP.NET/CoAP.Std10.csproj
index 98bb500..c07f325 100644
--- a/CoAP.NET/CoAP.Std10.csproj
+++ b/CoAP.NET/CoAP.Std10.csproj
@@ -266,6 +266,7 @@ It is intented primarily for research and verification work.
+
diff --git a/CoAP.NET/DTLS/DtlsServer.cs b/CoAP.NET/DTLS/DtlsServer.cs
index 528ab65..f16dd80 100644
--- a/CoAP.NET/DTLS/DtlsServer.cs
+++ b/CoAP.NET/DTLS/DtlsServer.cs
@@ -41,6 +41,11 @@ public DtlsServer(TlsKeyPairSet serverKeys, KeySet userKeys)
 public OneKey AuthenticationKey => mPskIdentityManager.AuthenticationKey;
 public Certificate AuthenticationCertificate { get; private set; }
+ public override int GetHandshakeTimeoutMillis()
+ {
+ return 60000; // 60 seconds
+ }
+
 // Chain all of our events to the next level up.
 private void OnTlsEvent(Object o, TlsEvent e)
diff --git a/CoAP.Test/CoAP.Test.Std10.csproj b/CoAP.Test/CoAP.Test.Std10.csproj
index ec9ae62..f15b79f 100644
--- a/CoAP.Test/CoAP.Test.Std10.csproj
+++ b/CoAP.Test/CoAP.Test.Std10.csproj
@@ -11,7 +11,7 @@
-
+
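Review bot: The `60000` returned by the new `GetHandshakeTimeoutMillis()` override in DtlsServer.cs is a hard-coded literal, so a deployment cannot shorten it, and 60 seconds is a long time to let an unauthenticated peer hold a half-open handshake on a server this change is meant to protect. Consider backing it with a settable member, `public int HandshakeTimeoutMillis { get; set; } = 60000;` with `public override int GetHandshakeTimeoutMillis() => HandshakeTimeoutMillis;`, and give it an XML doc comment that states the unit, that the value applies to the complete handshake, and that zero is treated by the TLS library as "no timeout" and should therefore not be configured on a listening server. The timeout bounds how long each stalled handshake lives, not how many can be pending at once; if the accept path (outside this hunk) has no cap on concurrent handshakes, that presumably still needs its own limit. The rest of the class is outside the hunk, so this is based on the visible lines only.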