On 09/02/2018 10:44, aperfectman wrote:
> Hello team,
> I am looking for a load balancer to support DTLS on UDP and found that
> there is experimental DTLS support in specific version 1.13.0 Nginx.
> http://nginx.org/patches/dtls/README.txt
>
> Just curious about the progress of releasing the official feature? And is
> it being supported in Nginx Plus?
Have you tested the patch? Any feedback?
I had a similar issue recently and found out that the NGINX patch for DTLS
doesn't seem to support PSK. Depending on the client cipher negotiation at
handshake time you might or might not encounter "no shared cipher". If you
can, you should force your client to use an "SSL" cipher supported by nginx
(and not a PSK one).
A patched version of NginxPlus is available on request from Nginx customer
care (based on 1.18.0).
AFAIK the DTLS feature is expected to be deployed in either the next release
or the one after.
Tested the NginxPlus patch for DTLS. UDP healthchecking doesn't work
(proxy_timeout 1s, proxy_responses:1, my server answers every single request
right away). Reproducible with Californium Scandium demos.