chore: use lower security level for DTLS example

shamblett · Dec 12, 2024 · 90e11b4 · 90e11b4
1 parent c69511b
commit 90e11b4
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/example/get_resource_secure.dart b/example/get_resource_secure.dart
@@ -30,6 +30,14 @@ PskCredentials pskCredentialsCallback(final String? identityHint) =>
 class DtlsConfig extends DefaultCoapConfig {
   @override
   String? get dtlsCiphers => 'PSK-AES128-CCM8';
+
+  @override
+  // Since TLS_PSK_WITH_AES_128_CCM_8 (also known as PSK-AES128-CCM8 in OpenSSL)
+  // is considered insecure in more recent versions of OpenSSL, we reduce the
+  // security level here, as TLS_PSK_WITH_AES_128_CCM_8 is the mandatory cipher
+  // suite that CoAP implementations must support when using DTLS in PSK mode
+  // (see section 9.1.3.1 of RFC 7252).
+  int? get openSslSecurityLevel => 0;
 }
 
 FutureOr<void> main() async {