Requirements for use with WebRTC

[valkum]

The WebRTC spec defines some requirements for the used DTLS implementation:

At least the TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 cipher suite needs to be supported with support for the P-256.
Both of these requirements are met in rustls (TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 & P-256).

Firefox additionally has support for P-384 and x25519 as well as TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, and TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256.
Chrome adds TLS_RSA_WITH_AES_128_GCM_SHA256 on top. Except the added one of chrome all are supported by rustls, so this is fine. Both Chrome and Firefox also have support for CBC ones, but I guess we can ignore them (at least for now).

Furthermore, "Implementations MUST NOT implement DTLS renegotiation and MUST reject it with a "no_renegotiation" alert if offered."
So I guess It would be nice if dtls-rs could allow to configure in which cases an alert should be created in addition to allow configuring stuff like renegotiation.

The spec has some more API requirements I will not copy here. Could you have a look at them too?

[ShadowJonathan]

rustls doesn't allow renegotiation, and at the moment i'm following their footsteps in terms of security choices, so I guess it'll be alright there.

The spec has some more API requirements I will not copy here. Could you have a look at them too?

Yes, if i could see what more logic needs to be implemented at the DTLS layer, i can consider how i can offer that.