Hi Maxim, Tested the NginxPlus patch for DTLS. UDP healthchecking doesn't work (ptoxy_timeout 1s, proxy_responses:1, my server answers every single request right away). Reproducible with Californium Scandium demos. Sekineby scoulibaly - Nginx Mailing List - English
Ted, A patched version of NginxPlus is available on request from Nginx customer care (based on 1.18.0). AFAIK the DTLS feature is expected to be deployed in either next or the other one release. Sekineby scoulibaly - Nginx Mailing List - English
Ted, I had similar issue recently and found out that the NGINX patch for DTLS doesn't seem to support PSK. Depending on the client cipher negociation at handshake time you might or might not encounter "no shared cipher". If you can, you should force your client to use an "SSL" cipher supported by nginx (and not a PSK one). Regards Sekineby scoulibaly - Nginx Mailing List - English
Nate, In the meanwhile I followed the thread and actually found your revised patches. I was able to apply them successfully. I realised I didn't ran configure with the --with-http-ssl flag (since I don't use http) when building nginx. This explains why the ssl_psk_file was not recognized. After building http module, the parameter was recognized properly. However, since I use stream and not httpby scoulibaly - Nginx Mailing List - English
Nate,Maxim, I found a patch here (http://mailman.nginx.org/pipermail/nginx-devel/2017-September/010449.html) regarding the PSK spport in Nginx. I can not make the new parameter ssl_psk_file work. I applied it to release-1.13.5 successfully. I updated my nginx.conf to stream { upstream dtls_udp_upstreams { hash $remote_addr:remote_port; server preprod.mycorp.com:5685; } server {by scoulibaly - Nginx Mailing List - English
I've setup a simplisti UDP load balancing as follow : stream { upstream dtls_udp_upstreams { hash $remote_addr:remote_port; server preprod.mycorp.com:5684; } server { listen 5684 udp; proxy_pass dtls_udp_upstreams; proxy_responses 1; } } I notice that the balancing is correctly done and the response is received by the client. Unfortunately, the destination port on thby scoulibaly - Nginx Mailing List - English