On 09/02/2018 10:44, aperfectman wrote:
> Hello team,
> I am looking for a load balancer to support DTLS on UDP and found that
> there is experimental DTLS support in specific version 1.13.0 Nginx.
> http://nginx.org/patches/dtls/README.txt
>
> Just curious about the progress of releasing the official feature? And is
> it being supported in Nginx Plus?
Have you tested the patch? Any feedback?
I had a similar issue recently and found out that the NGINX patch for DTLS
doesn't seem to support PSK. Depending on the client cipher negotiation at
handshake time you might or might not encounter "no shared cipher". If you
can, you should force your client to use an "SSL" cipher supported by nginx
(and not a PSK one).
A patched version of NginxPlus is available on request from Nginx customer
care (based on 1.18.0).
AFAIK the DTLS feature is expected to be deployed in either the next release
or the one after it.
Tested the NginxPlus patch for DTLS. UDP healthchecking doesn't work
(proxy_timeout 1s, proxy_responses:1, my server answers every single request
right away). Reproducible with Californium Scandium demos.
I have been using it for more than a year now for more than 500 IoT devices
with a cellular connection that connect on average about 4 times per day. My
experience has been very positive: easy to set up and no issues at all (both
for the 1.13.0 and the 1.13.9 patch).
As NGINX is at 1.17 already, I'd like to update as well. Are there any plans
to either release a new patch, or preferably, integrate this into the main
On Tue, Sep 10, 2019 at 05:12:48AM -0400, everhardt wrote:
> I have been using it for more than a year now for more than 500 IoT devices
> with a cellular connection that connect on average about 4 times per day. My
> experience has been very positive: easy to set up and no issues at all (both
> for the 1.13.0 and the 1.13.9 patch).
> As NGINX is at 1.17 already, I'd like to update as well. Are there any plans
> to either release a new patch, or preferably, integrate this into the main
Currently there are no such plans.
What kind of functionality are you using? Do you terminate DTLS or proxy
it? For the latter, you don't need patches, as recent nginx versions
support UDP "sessions".