fix(dtls): upgrade pion/dtls v2.2.6 to v3.1.1 fixing CVE-2026-26014

Upgrade github.com/pion/dtls from v2.2.6 to v3.1.1 to fix nonce reuse
vulnerability in AES-GCM ciphers (GHSA-9f3f-wv7r-qc8r). Migrate from
deprecated Config-struct API to ListenWithOptions/ClientWithOptions
options-based API.

v2 Config fields mapped to v3 functional options:
- Certificates, InsecureSkipVerify, ExtendedMasterSecret, ServerName,
  RootCAs, ClientCAs, ClientAuth, FlightInterval, MTU

ConnectContextMaker removed — no longer exists in v3; explicit
HandshakeContext(ctx) on *Conn is the replacement for timeout control.
This commit is contained in:
ginuerzh
2026-05-23 18:48:21 +08:00
parent 982ffa8149
commit 5a838a7d47
4 changed files with 28 additions and 64 deletions
+3 -4
View File
@@ -23,7 +23,7 @@ require (
github.com/miekg/dns v1.1.61
github.com/mitchellh/go-homedir v1.1.0
github.com/patrickmn/go-cache v2.1.0+incompatible
github.com/pion/dtls/v2 v2.2.6
github.com/pion/dtls/v3 v3.1.1
github.com/pires/go-proxyproto v0.8.1
github.com/prometheus/client_golang v1.19.1
github.com/quic-go/quic-go v0.59.0
@@ -94,9 +94,8 @@ require (
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/onsi/gomega v1.34.2 // indirect
github.com/pelletier/go-toml/v2 v2.2.2 // indirect
github.com/pion/logging v0.2.2 // indirect
github.com/pion/transport/v2 v2.0.2 // indirect
github.com/pion/udp/v2 v2.0.1 // indirect
github.com/pion/logging v0.2.4 // indirect
github.com/pion/transport/v4 v4.0.1 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
github.com/prometheus/client_model v0.6.0 // indirect