An auto-sense server falling back from DTLS 1.3 to DTLS 1.2 unconditionally constructs the certificate-auth Server12, so a server built with Dtls::new_auto and a with_psk_server(...) config cannot accept a DTLS 1.2 PSK client — the handshake fails with No mutually acceptable cipher suite. The same PSK config works via Dtls::new_12_psk.
```rust
fn handle_pending_auto_server(&mut self) -> Result<(), Error> {
    // Take buffered packets and last_now from the Server13 before replacing it.

    // unwrap: is ok, because we can only be here if the inner is a Server13.
    let server = match self.inner.take().unwrap() {
        Inner::Server13(server) => server,
        _ => unreachable!(),
    };

    let (config, cert, now, buffered) = server.into_parts();

    let mut server12 = Server12::new(config, cert, now);
    server12.handle_timeout(now)?;

    self.inner = Some(Inner::Server12(server12));

    for p in &buffered {
        self.handle_packet(p)?;
    }
    Ok(())
}
```
`dimpl/src/lib.rs`, lines 520 to 540 in cda235a
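The failure mode reported above, reduced to a self-contained model. This is an added example, not dimpl's code: `Config`, `Server12Kind`, `Suite` and both `fallback_*` functions are hypothetical names, the two cipher suites are constructed samples, and the config-aware dispatch is an assumed fix rather than the project's.

```rust
// Added model of the reported fallback; every name here is hypothetical.
#[derive(Clone, Copy, Debug, PartialEq)]
enum Suite {
    EcdheEcdsaAes128GcmSha256, // certificate-authenticated (constructed sample)
    PskAes128Ccm8,             // PSK-authenticated (constructed sample)
}

/// Stand-in for the server config; `psk: Some(..)` models `with_psk_server(...)`.
struct Config {
    psk: Option<Vec<u8>>,
}

/// Which DTLS 1.2 server state machine the fallback constructed.
#[derive(Debug, PartialEq)]
enum Server12Kind {
    Cert,
    Psk,
}

impl Server12Kind {
    fn suites(&self) -> &'static [Suite] {
        match self {
            Server12Kind::Cert => &[Suite::EcdheEcdsaAes128GcmSha256],
            Server12Kind::Psk => &[Suite::PskAes128Ccm8],
        }
    }
    /// Pick the first client-offered suite this server supports.
    fn negotiate(&self, offered: &[Suite]) -> Result<Suite, &'static str> {
        let mine = self.suites();
        offered.iter().copied().find(|s| mine.contains(s))
            .ok_or("No mutually acceptable cipher suite")
    }
}

/// Behaviour reported in the issue: the config's auth mode is never consulted.
fn fallback_unconditional(_config: &Config) -> Server12Kind {
    Server12Kind::Cert
}

/// Assumed fix: choose the DTLS 1.2 server from the config's auth mode.
fn fallback_config_aware(config: &Config) -> Server12Kind {
    if config.psk.is_some() { Server12Kind::Psk } else { Server12Kind::Cert }
}

fn main() {
    let config = Config { psk: Some(b"constructed-psk".to_vec()) };
    let offer = [Suite::PskAes128Ccm8]; // a DTLS 1.2 PSK-only client
    println!("{:?}", fallback_unconditional(&config).negotiate(&offer));
    println!("{:?}", fallback_config_aware(&config).negotiate(&offer));
}
```

A regression test for the real fix would take the same shape: build the server through the auto-sense constructor with a PSK config, drive a DTLS 1.2 PSK client against it, and assert the handshake completes.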