Topic: WolfSSL Connection ID: Does it Support Sessions Across IP Changes?

I'm using WolfSSL's Connection ID in a DTLS setup and need to maintain session continuity when the client's IP changes mid-session. I understand that Connection ID should ideally allow packets to be identified with an existing session even if the IP changes.
However, when this happens, I get "Ignored packet from invalid peer" errors. Do I need to implement additional logic to associate new packets with the existing session manually, or should WolfSSL handle this by default with Connection ID?


Re: WolfSSL Connection ID: Does it Support Sessions Across IP Changes?

Hi Sunnysunday,

I have requested a review of this topic by our engineers.

Thanks,
Eric - wolfSSL Support

Re: WolfSSL Connection ID: Does it Support Sessions Across IP Changes?

Hi Sunnysunday,

We are currently working on expanding our connection ID support. You can view the progress at:
    https://github.com/julek-wolfssl/wolfss … rver-demux
    https://github.com/julek-wolfssl/wolfss … rver-demux
The wolfssl-examples repo contains an example server at `dtls/server-dtls-demux.c` that shows how to handle multiple connections with connection ID support. Please note that this is a work in progress that uses new APIs introduced in the first link.

Please feel free to provide feedback about these changes.

Sincerely,
Juliusz
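For readers following the thread, an added illustration (not wolfSSL code, not the demux example from the linked repo, and not using any wolfSSL API): a server-side lookup that selects the session from the Connection ID in a DTLS 1.2 record header (RFC 9146 layout) instead of from the source address, and adopts a new peer address only after the DTLS stack has verified the record. The fixed 4-byte CID length, the `session` struct, the function names and the sample bytes are all assumptions made up for this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CT_TLS12_CID 25  /* RFC 9146 content type for records carrying a CID */
#define CID_LEN 4        /* assumption: this server always issues 4-byte CIDs */

struct session {         /* hypothetical per-connection state */
    uint8_t  cid[CID_LEN];
    uint32_t peer_ip;    /* last verified peer address */
    uint16_t peer_port;
};

static struct session table[2] = {                 /* constructed sessions */
    { {0x01, 0x02, 0x03, 0x04}, 0x0A000001u, 4000 },
    { {0xDE, 0xAD, 0xBE, 0xEF}, 0x0A000002u, 4001 },
};
/* Constructed record: type, version, epoch, 6-byte seq, CID, length, body. */
static const uint8_t sample_rec[] = {
    25, 0xFE, 0xFD, 0x00, 0x01, 0, 0, 0, 0, 0, 5,
    0xDE, 0xAD, 0xBE, 0xEF, 0x00, 0x03, 0xAA, 0xBB, 0xCC };

/* Select a session by CID only; the datagram's source address is not used. */
static struct session *demux_by_cid(struct session *tbl, size_t n,
                                    const uint8_t *rec, size_t len)
{
    const size_t hdr = 1 + 2 + 2 + 6 + CID_LEN + 2;
    if (len < hdr || rec[0] != CT_TLS12_CID) return NULL;
    if (rec[1] != 0xFE || rec[2] != 0xFD) return NULL;     /* DTLS 1.2 only */
    size_t body = ((size_t)rec[hdr - 2] << 8) | rec[hdr - 1];
    if (body > len - hdr) return NULL;                     /* truncated record */
    for (size_t i = 0; i < n; i++)
        if (memcmp(tbl[i].cid, rec + 11, CID_LEN) == 0) return &tbl[i];
    return NULL;
}

/* Adopt a new source address only when `verified` is set, i.e. the DTLS stack
 * decrypted and authenticated the record and it is newer than earlier ones. */
static int maybe_update_peer(struct session *s, int verified,
                             uint32_t ip, uint16_t port)
{
    if (!verified) return 0;          /* spoofed source cannot redirect traffic */
    if (s->peer_ip == ip && s->peer_port == port) return 0;
    s->peer_ip = ip;
    s->peer_port = port;
    return 1;
}

int main(void)
{
    struct session *s = demux_by_cid(table, 2, sample_rec, sizeof sample_rec);
    if (s) printf("moved=%d\n", maybe_update_peer(s, 1, 0x0A000063u, 5000));
    return 0;
}
```

The CID lookup only routes the datagram to a session; the address change is trusted once record verification succeeds, which is the ordering RFC 9146 asks for.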
