Share DTLS handshake credentials

Is it possible to perform the DTLS handshake with one UDP socket, then use those credentials on another UDP socket? I have a case where the handshake information is sent to me embedded in TCP, then UDP encrypted packets are sent to me across a different socket.

I am able to get past the handshake (most of the time), but I’m having trouble swapping out the mbedtls_net_context afterwards. After the handshake, I attempt to mbedtls_net_connect to the new UDP socket, but it doesn’t seem to recv any packets. I have also tried mbedtls_net_accept, but it doesn’t seem to pick up a new connection either.

DTLS packets are definitely getting sent.

Hi @vkeller86
Thank you for your question.

If I understand your use case, you can consider using session resumption in your new UDP socket, assuming the old UDP socket connection has been closed.
Is your peer the client or server? If you try mbedtls_net_accept() I am assuming it is the server. Has your server terminated the previous UDP socket? Do you have logs to share?
Mbed TLS Support

I hadn’t tried closing the original UDP connection and that is probably the problem. I was worried this might reset the whole handshake process. Also, I had forgotten about the session resumption feature - I’ll give that a shot.

The peer (incoming UDP connection) is the client and I am the server calling accept (receiving UDP data).

I don’t have any logs that are relevant, since it had just blocked on the subsequent accept after handshaking with the first client. I think this is because the original socket is actually connected (which is more efficient), rather than calling recvfrom?
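The "accept blocks after the first handshake" symptom comes from the UDP socket, not from the DTLS layer. The following is an added example (not code from the thread or from Mbed TLS) using plain POSIX sockets on loopback: a server socket is connected to the first client the way a DTLS server's UDP accept does, a second client's datagrams are then silently dropped by the kernel, and dissolving the association with connect(AF_UNSPEC) makes the socket reachable by any peer again. The port selection helper, the 200 ms receive timeout and the payload strings are constructed for the demo.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Bind a UDP socket to 127.0.0.1:port (0 = kernel picks) with a short receive
 * timeout, so a filtered datagram shows up as a timeout instead of a hang.
 * Fills *bound with the resulting local address. Returns the fd or -1. */
static int udp_bind_loopback(uint16_t port, struct sockaddr_in *bound)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    struct sockaddr_in a;
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    a.sin_port = htons(port);
    socklen_t len = sizeof *bound;
    struct timeval tv = { 0, 200000 };              /* 200 ms (demo value) */
    if (bind(fd, (struct sockaddr *)&a, sizeof a) < 0 ||
        getsockname(fd, (struct sockaddr *)bound, &len) < 0 ||
        setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Ask the kernel for a currently free UDP port. The server below is bound to an
 * explicit port on purpose: Linux releases an implicitly assigned (port 0) local
 * port when a UDP socket is disconnected, which would break step 3. */
static uint16_t pick_free_port(void)
{
    struct sockaddr_in a;
    int fd = udp_bind_loopback(0, &a);
    if (fd < 0) return 0;
    close(fd);
    return ntohs(a.sin_port);
}

/* 1 = datagram with the expected payload arrived, 0 = timeout, -1 = error/mismatch */
static int recv_expect(int fd, const char *expected)
{
    char buf[64];
    ssize_t n = recv(fd, buf, sizeof buf - 1, 0);
    if (n < 0) return (errno == EAGAIN || errno == EWOULDBLOCK) ? 0 : -1;
    buf[n] = '\0';
    return strcmp(buf, expected) == 0 ? 1 : -1;
}

static int send_str(int fd, const struct sockaddr_in *to, const char *s)
{
    return sendto(fd, s, strlen(s), 0, (const struct sockaddr *)to, sizeof *to) < 0 ? -1 : 0;
}

/* Walks through the situation in the thread. Returns 1 when all three
 * observations hold, 0 if one of them does not, -1 on setup failure. */
int connected_udp_demo(void)
{
    struct sockaddr_in srv, c1, c2, peer;
    int server  = udp_bind_loopback(pick_free_port(), &srv);
    int client1 = udp_bind_loopback(0, &c1);
    int client2 = udp_bind_loopback(0, &c2);
    if (server < 0 || client1 < 0 || client2 < 0) return -1;
    int ok = 1;
    char buf[64];

    /* 1. First client talks; the server peeks at the sender and connect()s to it,
     *    so later send()/recv() need no address. A DTLS server's UDP accept
     *    does exactly this with the socket the handshake then runs on. */
    send_str(client1, &srv, "client1-hello");
    memset(&peer, 0, sizeof peer);
    socklen_t plen = sizeof peer;
    if (recvfrom(server, buf, sizeof buf, MSG_PEEK, (struct sockaddr *)&peer, &plen) < 0) ok = 0;
    if (connect(server, (struct sockaddr *)&peer, plen) < 0) ok = 0;
    if (recv_expect(server, "client1-hello") != 1) ok = 0;

    /* 2. A second client sends to the same port. The kernel drops it because the
     *    socket is connected to client1: nothing from a new peer ever reaches
     *    this socket, so a second "accept" on it waits forever. */
    send_str(client2, &srv, "client2-hello");
    send_str(client1, &srv, "client1-data");
    if (recv_expect(server, "client1-data") != 1) ok = 0;   /* connected peer: delivered */
    if (recv_expect(server, "client2-hello") != 0) ok = 0;  /* other peer: timeout */

    /* 3. Dissolve the association with connect(AF_UNSPEC). The explicitly bound
     *    port is kept and any peer can reach the socket again. Closing the old
     *    socket and binding a fresh one to the same port is the heavier equivalent. */
    struct sockaddr_in unspec;
    memset(&unspec, 0, sizeof unspec);
    unspec.sin_family = AF_UNSPEC;
    if (connect(server, (struct sockaddr *)&unspec, sizeof unspec) < 0) ok = 0;
    send_str(client2, &srv, "client2-hello");
    if (recv_expect(server, "client2-hello") != 1) ok = 0;

    close(server); close(client1); close(client2);
    return ok;
}

int main(void)
{
    printf("connected_udp_demo: %d\n", connected_udp_demo());
    return 0;
}
```

Two Mbed TLS facts connect this to the thread: mbedtls_net_accept() on a UDP listener does the same peek-then-connect as step 1 and hands the connected fd to the client context, so a later accept on that connected socket sees nothing from other peers; and the transport an mbedtls_ssl_context reads and writes is whatever was last given to mbedtls_ssl_set_bio(), so moving an established session to a different mbedtls_net_context is a matter of calling mbedtls_ssl_set_bio() again with the new context rather than reconnecting or re-accepting.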