Re: [leshan-dev] When does the DTLS session expires in an Leshan Server?

Hi Simon,

Thanks for the quick response.

I understand that we currently cannot configure the DTLS session lifetime, but is there a way we can find out the lifetime? Or is there no limit on the lifetime, meaning it will stay alive until one of the communicating parties tears it down?

Best regards,
Andrei

On Tue, Apr 24, 2018 at 3:24 PM, Simon Bernard <contact@xxxxxxxxxxxxxxx> wrote:

Hi,

We are using Scandium [1], and for now there is no way to do that.
The StaleConnectionThreshold is the period of time of inactivity (in seconds) after which a connection is considered stale and can be evicted from the store if a new connection is to be added to the store.

I opened a new issue about that: https://github.com/eclipse/californium/issues/617

Simon

[1]: https://github.com/eclipse/californium


On 24/04/2018 at 09:13, Andrei Baron wrote:
Hi,

I have implemented a Leshan Server and a Leshan Client that connects to the server using PSK mode.

I see the original Client - Server handshake in Wireshark, but after that the DTLS session seems to live forever.

After checking the TLS 1.2 spec where it says: "An upper limit of 24 hours is suggested for session ID lifetimes, since an attacker who obtains a master_secret may be able to impersonate the compromised party until the corresponding session ID is retired."

I guess that after 24h, the DTLS session will expire and there will be a new handshake made, but this was not what happened. After 24h the DTLS session was still alive.

Setting StaleConnectionThreshold to a lower value doesn't help, because this only makes a connection stale, so it can be removed when there are new connections that are waiting, as there is a maximum number of active connections set to 150000. Setting the Max Connections to a lower value is not a solution for me, because it will limit the number of parallel DTLS connections that the Leshan server will manage.

How can we find the Leshan Server DTLS session lifetime, and how can we configure it?

Thanks,
Andrei Baron


_______________________________________________
leshan-dev mailing list
leshan-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/leshan-dev
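
The StaleConnectionThreshold behaviour described in this thread, as an added Python model that is not part of the original messages and is not Scandium's code. The class and function names, the capacity of 3, the 30-minute threshold, and rejecting a new connection when no stale entry exists are assumptions made for illustration.

```python
from collections import OrderedDict

HOUR = 3600  # seconds


class ConnectionStore:
    """Simplified model of a bounded DTLS connection store (hypothetical)."""

    def __init__(self, max_connections, stale_threshold_s):
        self.max_connections = max_connections
        self.stale_threshold_s = stale_threshold_s
        self._last_seen = OrderedDict()  # peer -> last activity, oldest first

    def touch(self, peer, now):
        # Traffic on a connection resets its inactivity clock.
        self._last_seen[peer] = now
        self._last_seen.move_to_end(peer)

    def is_stale(self, peer, now):
        return now - self._last_seen[peer] >= self.stale_threshold_s

    def add(self, peer, now):
        # Eviction is only considered when the store is full and a NEW
        # connection arrives; staleness alone never removes an entry.
        evicted = None
        full = len(self._last_seen) >= self.max_connections
        if peer not in self._last_seen and full:
            oldest, seen = next(iter(self._last_seen.items()))
            if now - seen < self.stale_threshold_s:
                raise RuntimeError("store full, no stale connection to evict")
            del self._last_seen[oldest]
            evicted = oldest
        self.touch(peer, now)
        return evicted

    def __contains__(self, peer):
        return peer in self._last_seen


def idle_session_survives():
    """Constructed scenario: client-a handshakes once, then stays silent."""
    store = ConnectionStore(max_connections=3, stale_threshold_s=30 * 60)
    store.add("client-a", now=0)
    store.add("client-b", now=10)
    later = 48 * HOUR                       # well past the 24 h suggestion
    stale = store.is_stale("client-a", later)
    kept = "client-a" in store              # stale, yet still usable
    store.add("client-c", now=later)        # store not full: nothing evicted
    kept_after_add = "client-a" in store
    evicted = store.add("client-d", now=later + 1)  # full: oldest stale goes
    return stale, kept, kept_after_add, evicted
```

In this model the threshold only marks an entry as eligible for eviction, so with a limit as high as the 150000 mentioned above an idle session is never dropped unless the store actually fills.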


