Send commands to a node without DTLS encryption


We are trying to build a Zwave Controller that will run on the same box as the ZipGateway. We want to use unencrypted traffic between our controller and the GW (first because it is hard to find a Java library that supports DTLS good enough and second because it only slows down communication we don’t let it out of the box). On to the questions:

Is it possible to do this? Commands directly to the GW seems to work, but when we send commands to the Z-wave devices they seem to be ignored. I found a sentence in the spec that said they should be dropped if not encrypted (the same bytes send with the reference_client using DTLS are not ignored). I tried using encapsulation header extensions without success. So is there a way to configure the GW to

If this is not possible: Do you know of any Java DTLS library that works with the GW. I have tried BouncyCastle but it did not support HELLO so it dropped the first packet while setting up the DTLS session. I started on WolfSSL but the Java native api hasn’t been updated for a while. All other I could find were GPL3 licensed which is no good.


Not using, or somehow disabling, DTLS on zipgateway would negatively impact the way Z-Wave S0 and S2 (Security Encapsulated) messages are handled. Internally,zpigateway makes an “equivalence” of sorts between security on the LAN side and security on the HAN side, so needing to deal with DTLS on the LAN side becomes a necessity.

I’m not familiar enough with Java frameworks to be in a position to make a recommendation to you, but I have heard of this being accomplished in the past (and maybe is even part of a shippping gateway product) using BouncyCastle.