Fix compatibility with DTLS 1.3. (#2086)

Remove lingering pieces of DTLS 1.0 support.

jitsi-media-transform/src/main/kotlin/org/jitsi/nlj/dtls/TlsClientImpl.kt

@@ -137,6 +137,7 @@ class TlsClientImpl(
 
     override fun notifyHandshakeComplete() {
         super.notifyHandshakeComplete()
+        logger.cinfo { "Negotiated DTLS version ${context.securityParameters.negotiatedVersion}" }
         context.resumableSession?.let { newSession ->
 
             session?.let { existingSession ->
@@ -163,13 +164,7 @@ class TlsClientImpl(
         )
     }
 
-    override fun notifyServerVersion(serverVersion: ProtocolVersion?) {
-        super.notifyServerVersion(serverVersion)
-
-        logger.cinfo { "Negotiated DTLS version $serverVersion" }
-    }
-
-    override fun getSupportedVersions(): Array<ProtocolVersion> = arrayOf<ProtocolVersion>(ProtocolVersion.DTLSv12)
+    override fun getSupportedVersions(): Array<ProtocolVersion> = arrayOf(ProtocolVersion.DTLSv12)
 
     override fun notifyAlertRaised(alertLevel: Short, alertDescription: Short, message: String?, cause: Throwable?) =
         logger.notifyAlertRaised(alertLevel, alertDescription, message, cause)

jitsi-media-transform/src/main/kotlin/org/jitsi/nlj/dtls/TlsServerImpl.kt

@@ -114,37 +114,21 @@ class TlsServerImpl(
             (context.crypto as BcTlsCrypto),
             PrivateKeyFactory.createKey(certificateInfo.keyPair.private.encoded),
             certificateInfo.certificate,
-            /* For DTLS 1.0 support (needed for Jigasi) we can't set this to sha256 fixed */
-            if (TlsUtils.isSignatureAlgorithmsExtensionAllowed(context.serverVersion)) {
-                SignatureAndHashAlgorithm(
-                    HashAlgorithm.sha256,
-                    SignatureAlgorithm.ecdsa
-                )
-            } else {
-                null
-            }
+            SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)
         )
     }
 
     override fun getCertificateRequest(): CertificateRequest {
         val signatureAlgorithms = Vector<SignatureAndHashAlgorithm>(1)
         signatureAlgorithms.add(SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa))
-        return when (context.clientVersion) {
-            ProtocolVersion.DTLSv12 -> {
-                CertificateRequest(
-                    shortArrayOf(ClientCertificateType.ecdsa_sign),
-                    signatureAlgorithms,
-                    null
-                )
-            }
-            else -> throw DtlsUtils.DtlsException("Unsupported version: ${context.clientVersion}")
-        }
+        return CertificateRequest(shortArrayOf(ClientCertificateType.ecdsa_sign), signatureAlgorithms, null)
     }
 
     override fun getHandshakeTimeoutMillis(): Int = DtlsUtils.config.handshakeTimeout.toMillis().toInt()
 
     override fun notifyHandshakeComplete() {
         super.notifyHandshakeComplete()
+        logger.cinfo { "Negotiated DTLS version ${context.securityParameters.negotiatedVersion}" }
         context.resumableSession?.let { newSession ->
             val newSessionIdHex = ByteBuffer.wrap(newSession.sessionID).toHex()
 
@@ -182,18 +166,11 @@ class TlsServerImpl(
         notifyClientCertificateReceived(clientCertificate)
     }
 
-    override fun notifyClientVersion(clientVersion: ProtocolVersion?) {
-        super.notifyClientVersion(clientVersion)
-
-        logger.cinfo { "Negotiated DTLS version $clientVersion" }
-    }
-
     override fun notifyAlertRaised(alertLevel: Short, alertDescription: Short, message: String?, cause: Throwable?) =
         logger.notifyAlertRaised(alertLevel, alertDescription, message, cause)
 
     override fun notifyAlertReceived(alertLevel: Short, alertDescription: Short) =
         logger.notifyAlertReceived(alertLevel, alertDescription)
 
-    override fun getSupportedVersions(): Array<ProtocolVersion> =
-        ProtocolVersion.DTLSv12.downTo(ProtocolVersion.DTLSv10)
+    override fun getSupportedVersions(): Array<ProtocolVersion> = arrayOf(ProtocolVersion.DTLSv12)
 }