I am writing a small CoAP client/server program, over DTLS, in C, using the libcoap library. Analyzing the traffic with Wireshark reveals that the server chooses the TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 cipher suite.

I want to change the cipher suite, for evaluation purposes. How do I do this? There doesn't seem to be an option anywhere for specifying the suite. Also, I compiled libcoap with OpenSSL as the backend.

If libcoap does not support this, is there a way of setting up DTLS myself and using libcoap to just handle the CoAP packets?

Noxet

1 Answer

Try to configure the cipher suites in the dtls context.

file: "coap_openssl.c", (about line 395, depends on your version), function: "void *coap_dtls_new_context(struct coap_context_t *coap_context)",

SSL_CTX_set_min_proto_version(context->dtls.ctx, DTLS1_2_VERSION);
SSL_CTX_set_app_data(context->dtls.ctx, &context->dtls);
SSL_CTX_set_read_ahead(context->dtls.ctx, 1);

SSL_CTX_set_cipher_list(context->dtls.ctx, "ECDHE-PSK-AES128-CBC-SHA256:PSK-AES128-CCM8:ECDHE-ECDSA-AES128-CCM8");

Add the "set_cipher_list" with the cipher suites you want.

Achim Kraus