pub unsafe extern "C" fn mbedtls_ssl_conf_dtls_badmac_limit(
conf: *mut mbedtls_ssl_config,
limit: u32,
)
\brief Set a limit on the number of records with a bad MAC before terminating the connection. (DTLS only, no effect on TLS.) Default: 0 (disabled).
\param conf SSL configuration
\param limit Limit, or 0 to disable.
\note If the limit is N, then the connection is terminated when the Nth non-authentic record is seen.
\note Records with an invalid header are not counted, only the ones going through the authentication-decryption phase.
\note This is a security trade-off related to the fact that it’s often relatively easy for an active attacker to inject UDP datagrams. On one hand, setting a low limit here makes it easier for such an attacker to forcibly terminate a connection. On the other hand, a high limit or no limit might make us waste resources checking authentication on many bogus packets.
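The counting rule and trade-off from the notes above, modelled in plain Rust as an added example (it is not part of mbedtls or of this binding and does not call the library). `Record`, `Outcome` and `replay` are hypothetical names, the traffic is constructed, and the bad-MAC count is assumed to be cumulative for the connection.

```rust
// Stand-alone model of the documented rule; no mbedtls calls are made.
// All names below are hypothetical and exist only for this illustration.

/// How a received DTLS record fared (constructed categories for this model).
#[derive(Clone, Copy, PartialEq, Debug)]
pub enum Record {
    InvalidHeader, // dropped before authentication, never counted
    BadMac,        // reached authentication-decryption and failed
    Authentic,     // reached authentication-decryption and passed
}

#[derive(Debug, PartialEq)]
pub struct Outcome {
    pub terminated_at: Option<usize>, // 1-based index of the record that ended the connection
    pub auth_checks: usize,           // records that cost an authentication check
}

/// Replays `records` against a bad-MAC limit; `limit == 0` means disabled.
/// Assumption: the count is cumulative and is not reset by authentic records.
pub fn replay(limit: u32, records: &[Record]) -> Outcome {
    let mut bad_seen: u32 = 0;
    let mut auth_checks = 0;
    for (i, rec) in records.iter().enumerate() {
        match rec {
            Record::InvalidHeader => continue, // not counted, no auth work
            Record::Authentic => auth_checks += 1,
            Record::BadMac => {
                auth_checks += 1;
                bad_seen = bad_seen.saturating_add(1);
                // With limit N, the Nth non-authentic record terminates.
                if limit != 0 && bad_seen >= limit {
                    return Outcome { terminated_at: Some(i + 1), auth_checks };
                }
            }
        }
    }
    Outcome { terminated_at: None, auth_checks }
}

fn main() {
    use Record::*;
    // Constructed traffic: injected bogus datagrams interleaved with real ones.
    let traffic = [Authentic, BadMac, InvalidHeader, BadMac, Authentic, BadMac, BadMac];
    for limit in [0u32, 1, 3] {
        println!("limit={}: {:?}", limit, replay(limit, &traffic));
    }
}
```

With the limit disabled every bogus record that passes header checks costs an authentication check, while a limit of 1 lets a single injected datagram end the connection.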