Update module github.com/pion/dtls/v2 to v3 (main) - abandoned

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/pion/dtls/v2	v2.2.12 → v3.0.0

---

Release Notes

pion/dtls (github.com/pion/dtls/v2)

v3.0.0

Compare Source

Pion DTLS v3.0.0 is now available. Pion DTLS is a Go implementation of DTLS. It allows for secure communication over UDP. It is commonly used for VPNs, WebRTC and other real-time protocols.

This release includes 115 commits from 17 authors. This release added Connection Identifiers, concurrent handshaking when Accepting inbound connections, Censorship Circumvention and better resilience against packet loss during handshaking.

A special thank you to kevmo314 and hasheddan for all their hard work on making this release happen.

This release contains breaking changes. Please read the following carefully, the breakage can't be caught at compile time. Each change will have a linked commit. Looking at examples/ in the linked commit should show what code you need to change in your application.

Breaking Changes

Before /v2 Pion DTLS would handshake on Server or Client creation. This design caused the Accept implementation to be blocking. A new connection couldn't be accept until the previous one had finished.
This design also doesn't match the crypto/tls implementation in stdlib. This mismatch would cause frustration/confusion for users.

Now the handshaking only occurs when Read,Write or Handshake is called. In most cases users shouldn't notice a difference.
If you do want a Handshake performed without a Read or Write this is the change needed.

Before

  dtlsConn, err := dtls.Client(dtlsEndpoint, dtlsConfig)
  if err != nil {
    // handle error
  }

  // Perform logic from negotiated SRTP Profile
  srtpProfile, ok := dtlsConn.SelectedSRTPProtectionProfile()

After

  dtlsConn, err = dtls.Client(dtlsEndpoint, dtlsEndpoint.RemoteAddr(), dtlsConfig)
  if err != nil {
    // handle error
  }

  err = dtlsConn.Handshake()
  if err != nil {
    // Explicitly perform handshake
  }

  // Perform logic from negotiated SRTP Profile
  srtpProfile, ok := dtlsConn.SelectedSRTPProtectionProfile()

This change was made in e4064683

New Features

Connection IDs

Connection IDs is a new feature added to the DTLS protocol itself. This change allows for clients to change IPs/Ports during a session. This allows for devices to roam (like phones) or for low power devices to shut down and reconnect without losing their DTLS session!

Connection ID generation is pluggable via the dtls.Config structure, and a random CID generator with a static size is provided for convenience. A new example has been added to demonstrate this functionality.

For those interested in digging deeper into the full set of changes, the majority of work was done in #​570.

Censorship Circumvention

Software that is used to circumvent censorship like snowflake uses Pion. To block this (and other) software goverments have looked for patterns and differences in Pion DTLS and blocked it.

This new release contains hooks that allows users to randomize and circumvent these blocks. Users can modify ClientHello, ServerHello and CertificateRequest. Users can also smuggle information in a ServerHello/ClientHello RandomBytes.

You can see them all here here

Changelog

The complete log between v2.2.7 and v3.0.0:

• 0a8d838 Prepare /v3
• b6fd38e Update module github.com/pion/transport/v3 to v3.0.5
• e406468 Perform handshake on first read/write
• 6178064 Mark NULL and AES256CM SRTP ciphers as supported
• bc3159a Added DTLS-SRTP IDs for NULL and AES256CM ciphers
• d013d0c On Read Retransmit send FSM to SENDING
• ec76652 Retransmit last flight when in finished
• 602dc71 Make localConnectionID thread safe
• 0a1b73a Respect disableRetransmitBackoff
• a6d9640 Add OnConnectionAttempt to Config
• 48d6748 Implement retransmit backoff according to 4.2.4.1
• 45e16a0 Update module golang.org/x/net to v0.26.0
• a5d1fac Flight3: respect curves configuration
• 61b3466 Add ability to select cert based on ch rand bytes
• eddca22 Update module golang.org/x/crypto to v0.24.0
• edc7ad0 Limit size of encrypted packet queue
• fbbdf66 Update module golang.org/x/net to v0.25.0
• efd6737 Add test for PSK and Identity
• cb62aac Fix typo in test
• 494c1a3 Remove testify dependency
• adec94a Update golang Docker tag to v1.22
• 8738ce1 Add handshake hooking
• 2c36d63 Update module golang.org/x/net to v0.24.0
• d606c79 Update module golang.org/x/crypto to v0.22.0
• f6f666e Update module golang.org/x/net to v0.23.0 [SECURITY]
• e008bc4 Update CI configs to v0.11.12
• 3e667b0 Update go.mod version to 1.19
• ae51db9 Update CI configs to v0.11.7
• 8244c45 Update CI configs to v0.11.4
• 0ad9cfd Update module github.com/pion/transport/v3 to v3.0.2
• 8a93e0e Fix TestErrorsTemporary
• 38e39e4 Update module golang.org/x/net to v0.22.0
• a245727 Update module golang.org/x/crypto to v0.21.0
• 5e95b5c Update module github.com/stretchr/testify to v1.9.0
• 35a00d3 Fix linter errors
• 96b8c29 Fix linter errors
• 2597464 Update module golang.org/x/net to v0.20.0
• 42b6772 Update module golang.org/x/crypto to v0.18.0
• bb54a30 If not found in the cache return nil
• 3427819 Format code
• 798b32a Fix flight1parse processing exception
• ba72fba Update CI configs to v0.11.3
• 520d84c Update CI configs to v0.11.0
• cfa868c Remove 'AUTHORS.txt' from README.md
• b4a403c Remove 'Generate Authors' workflow
• 9ffd96c Drop invalid record silently during handshake
• 3e8a7d7 Update module golang.org/x/crypto to v0.17.0 [SECURITY]
• dc751e3 Update module golang.org/x/net to v0.19.0
• 3f3d833 Update module golang.org/x/crypto to v0.16.0
• a8f7062 Use atomic to avoid stale SRTP protection profile
• 9cc3df9 Respect Algorithm value in CertificateRequest
• 7faf25f Update module golang.org/x/net to v0.17.0 [SECURITY]
• c864545 Update module golang.org/x/net to v0.15.0
• 28431d9 Export CipherSuiteID in connection State
• 8401874 Update module golang.org/x/crypto to v0.13.0
• 744e27a Update actions/checkout action to v4
• 2b584af Specifying underlying type of conn ID atomic.Value
• 70caf30 Use atomic.Value to maintain Go 1.13 compatibility
• 60064c6 Update module github.com/pion/transport/v3 to v3.0.1
• ef50d6b Update AUTHORS.txt
• 7e5003a Update AUTHORS.txt
• dbc7fd9 Update module github.com/pion/transport/v3 to v3.0.0
• a681f67 Correctly identify client and server with PSK ID
• e85f106 Update module github.com/pion/transport/v2 to v2.2.2
• 7bf18f8 Update module golang.org/x/net to v0.14.0
• 609e5be Clear CIDs on potential session resumption
• e142ee1 Serialize CIDs in state
• 37fbc04 Add CID send only client example
• 6df50a6 Add CID listener example
• f5875c1 Set UDP routing if CID is enabled
• e663309 Add CID routing unit tests
• 9db84b5 Add CID based datagram routing
• a8998af Add UDP net.PacketListener unit tests
• 71db42b Introduce UDP net.PacketListener
• 3afeb7d Add PacketBuffer unit tests
• eb305b1 Introduce net PacketBuffer
• 703da0c Consume net package in tests
• 4f53ce1 Introduce net package
• f1d8b0a Wrap Alerts when CID is negotiated
• 3082313 Convert nil CIDs to empty byte slice
• 83b1254 Fix name of cipher suite initialization function
• 818feb8 Set timeout to 10 minutes on e2e workflow
• d29c6f0 Add basic connection ID generators
• 2f2bc8d Add e2e CID tests
• ee04141 Update tests to wrap net.Conn
• f960a37 Wrap net.Conn in DTLS listener
• afb61f1 Update DTLS Conn to use PacketConn and CID
• d082911 Add Conn to PacketConn utility
• e5420de Update handshaker to handle CID extension
• 8922879 Update ciphersuites to support CIDs
• 8ba47cb Implement AEAD additional data with CID
• 27fd131 Add local and remote CID to state
• 9a37bfd Implement AddUint48 utility
• 1ce6f27 Add CID content type
• 6af61b1 Allow packets to specify CID wrapped
• b7b1e44 Add support for CID related generators
• 2005135 Add support for parsing CID records
• 9e4a4e7 Add DTLS connection ID extension
• e9b3ce0 Update pion/transport to latest
• a1d270f Update module golang.org/x/crypto to v0.12.0
• a6eca6c Update CI configs to v0.10.11
• eb34e7d Update module golang.org/x/net to v0.13.0
• c9eb5f2 Update module golang.org/x/net to v0.12.0
• b033847 Clean up unneccessary nested logic
• 7307f62 Fix return of nil alertErrors
• b905606 Add unmarshal unit tests for extensions
• 0736d45 Fix parsing supported EC point formats
• 93704b3 Add Daniel Mangum to AUTHORS.txt
• cabe5b8 Enable Supported Signature Algorithms
• 265bf11 Enable Elliptic Curve Supported Point Formats
• d7303d0 Wait for OpenSSL server shutdown in e2e test
• 159122f Update e2e Go image to 1.20
• 8a11cf2 Remove extraneous error checks in handshaker
• 4fc3d8f Update module golang.org/x/net to v0.11.0
• 4b76abf Update module golang.org/x/crypto to v0.10.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.