DTLS.CertLifetime
#Overview
name: DTLS.CertLifetime
This variable is created as a Console Variable (cvar).
- type: Var
- help: Lifetime to set on generated certificates, in seconds.
It is referenced in 3 C++ source files.
#Summary
#Usage in the C++ source code
DTLS.CertLifetime sets the lifetime, in seconds, of certificates generated for the DTLS (Datagram Transport Layer Security) protocol in Unreal Engine 5. It is a network security and communication setting.
The variable is used by the DTLS Handler Component, a runtime plugin in Unreal Engine 5, and is defined in that plugin's DTLSContext namespace.
It is registered as a TAutoConsoleVariable<int32>, so it can be modified at runtime through console commands. The default value is 4 * 60 * 60 seconds, which is 4 hours.
The associated variable CVarCertLifetime is the C++ object that registers DTLS.CertLifetime, so the two share the same value and purpose.
This variable affects the security of DTLS communications. A shorter lifetime increases security by requiring more frequent certificate renewals, which limits how long any one certificate stays valid, but may also increase overhead. A longer lifetime reduces overhead but may slightly decrease security.
Best practices when using this variable include:
- Regularly reviewing and adjusting the certificate lifetime based on your application’s security requirements.
- Monitoring the impact of different lifetime values on network performance and security.
- Ensuring that the certificate renewal process is properly handled in the application to prevent communication disruptions.
Regarding the associated variable CVarCertLifetime:
CVarCertLifetime gives the C++ code programmatic access to the DTLS.CertLifetime value.
It is used in the DTLS Handler Component, in the FDTLSContext::Initialize function, to set the lifetime of newly created certificates.
The value of CVarCertLifetime is set when the DTLS.CertLifetime console variable is modified, as they are directly linked.
Changes to CVarCertLifetime immediately affect the lifetime of newly generated certificates, because the value is read at the point where FDTLSContext::Initialize creates a certificate. Any code relying on this value must be able to handle changes at runtime.
Best practices for using CVarCertLifetime include:
- Using GetValueOnAnyThread() when accessing the value to ensure thread-safety.
- Considering the implications of changing this value during runtime, especially in multiplayer scenarios.
- Documenting any custom logic that modifies or depends on this variable to maintain code clarity and security.
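The callsite listed on this page passes the int32 console value straight into a timespan, and the page does not show whether zero, negative, or very large values are rejected later. The following standalone C++ sketch is an added example, not engine code: it bounds a runtime-supplied lifetime and decides when a certificate is due for renewal. The names SanitizeLifetime, MakeWindow, NeedsRenewal and the bounds are hypothetical.

```cpp
#include <chrono>
#include <cstdint>
#include <iostream>

using Clock = std::chrono::system_clock;

// Hypothetical policy bounds (assumptions, not engine values).
constexpr std::int32_t kMinLifetimeSec = 5 * 60;
constexpr std::int32_t kMaxLifetimeSec = 24 * 60 * 60;
// Same default as DTLS.CertLifetime on this page: 4 hours.
constexpr std::int32_t kDefaultLifetimeSec = 4 * 60 * 60;

// A console variable of type int32 can hold zero or negative numbers.
// Fall back to the default for those, and clamp everything else.
std::int32_t SanitizeLifetime(std::int32_t RequestedSec) {
    if (RequestedSec <= 0) return kDefaultLifetimeSec;
    if (RequestedSec < kMinLifetimeSec) return kMinLifetimeSec;
    if (RequestedSec > kMaxLifetimeSec) return kMaxLifetimeSec;
    return RequestedSec;
}

// Validity window of one generated certificate.
struct CertWindow {
    Clock::time_point NotBefore;
    Clock::time_point NotAfter;
};

CertWindow MakeWindow(Clock::time_point Issued, std::int32_t RequestedSec) {
    return {Issued, Issued + std::chrono::seconds(SanitizeLifetime(RequestedSec))};
}

// True once the certificate is within Margin of expiry, or already expired.
// Renewing before expiry keeps sessions from failing at the boundary.
bool NeedsRenewal(const CertWindow& W, Clock::time_point Now,
                  std::chrono::seconds Margin) {
    return Now + Margin >= W.NotAfter;
}

int main() {
    // Constructed bad input: a negative lifetime typed into the console.
    const CertWindow W = MakeWindow(Clock::now(), -1);
    const auto Span = std::chrono::duration_cast<std::chrono::seconds>(
        W.NotAfter - W.NotBefore);
    std::cout << "effective lifetime: " << Span.count() << " s\n";
    return 0;
}
```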
#References in C++ code
#Callsites
This variable is referenced in the following C++ source code:
#Loc: <Workspace>/Engine/Plugins/Runtime/PacketHandlers/DTLSHandlerComponent/Source/Private/DTLSContext.cpp:26
Scope (from outer to inner):
file
namespace DTLSContext
Source code excerpt:
static const char* CipherListCert = "HIGH";
TAutoConsoleVariable<int32> CVarCertLifetime(TEXT("DTLS.CertLifetime"), 4 * 60 * 60, TEXT("Lifetime to set on generated certificates, in seconds."));
TAutoConsoleVariable<int32> CVarHandshakeRetry(TEXT("DTLS.HandshakeRetry"), 500, TEXT("Handshake retry time, in milliseconds."));
}
const TCHAR* LexToString(EDTLSContextType ContextType)
{
switch (ContextType)
#Associated Variable and Callsites
This variable is associated with another variable named CVarCertLifetime. They share the same value. See the following C++ source code.
#Loc: <Workspace>/Engine/Plugins/Runtime/PacketHandlers/DTLSHandlerComponent/Source/Private/DTLSContext.cpp:26
Scope (from outer to inner):
file
namespace DTLSContext
Source code excerpt:
static const char* CipherListCert = "HIGH";
TAutoConsoleVariable<int32> CVarCertLifetime(TEXT("DTLS.CertLifetime"), 4 * 60 * 60, TEXT("Lifetime to set on generated certificates, in seconds."));
TAutoConsoleVariable<int32> CVarHandshakeRetry(TEXT("DTLS.HandshakeRetry"), 500, TEXT("Handshake retry time, in milliseconds."));
}
const TCHAR* LexToString(EDTLSContextType ContextType)
{
switch (ContextType)
#Loc: <Workspace>/Engine/Plugins/Runtime/PacketHandlers/DTLSHandlerComponent/Source/Private/DTLSContext.cpp:387
Scope (from outer to inner):
file
function bool FDTLSContext::Initialize
Source code excerpt:
UE_LOG(LogDTLSHandler, Warning, TEXT("Empty certificate identifier"));
FTimespan Lifetime = FTimespan::FromSeconds(DTLSContext::CVarCertLifetime.GetValueOnAnyThread());
Cert = FDTLSCertStore::Get().CreateCert(Lifetime);
}
if (Cert.IsValid())
{