Datagram Transport Layer Security
<templatestyles src="Module:Hatnote/styles.css"></templatestyles>
In information technology, the Datagram Transport Layer Security (DTLS) communications protocol provides communications security for datagram protocols. DTLS allows datagram-based applications to communicate in a way that is designed[1][2] to prevent eavesdropping, tampering, or message forgery. The DTLS protocol is based on the stream-oriented Transport Layer Security (TLS) protocol and is intended to provide similar security guarantees. The DTLS protocol datagram preserves the semantics of the underlying transport — the application does not suffer from the delays associated with stream protocols, but has to deal with packet reordering, loss of datagram and data larger than the size of a datagram network packet.
Contents
Definition
The following documents define DTLS:
- RFC 6347 for use with User Datagram Protocol (UDP),
- RFC 5238 for use with Datagram Congestion Control Protocol (DCCP),
- RFC 6083 for use with Stream Control Transmission Protocol (SCTP) encapsulation,
- RFC 5764 for use with Secure Real-time Transport Protocol (SRTP) subsequently called DTLS-SRTP in a draft with Secure Real-Time Transport Control Protocol (SRTCP).[3]
DTLS 1.0 is based on TLS 1.1, and DTLS 1.2 is based on TLS 1.2.
| Version | DTLS 1.0 | DTLS 1.2 |
|---|---|---|
| Based on | TLS 1.1 | TLS 1.2 |
Implementations
Libraries
<templatestyles src="Module:Hatnote/styles.css"></templatestyles>
| Implementation | DTLS 1.0[4] | DTLS 1.2[2] |
|---|---|---|
| Botan | Yes | Yes |
| cryptlib | No | No |
| GnuTLS | Yes | Yes |
| Java Secure Socket Extension | No | No |
| LibreSSL | Yes | No |
| libsystools[5] | Yes | No |
| MatrixSSL | Yes | Yes |
| mbed TLS (previously PolarSSL) | Yes[6] | Yes[6] |
| Network Security Services | Yes[7] | Yes[8] |
| OpenSSL | Yes | Yes[9] |
| Python[10][11] | Yes | No |
| RSA BSAFE | No | No |
| SChannel XP/2003, Vista/2008 | No | No |
| SChannel 7/2008R2, 8/2012, 8.1/2012R2, 10 | Yes[12] | No[12] |
| Secure Transport OS X 10.2-10.7 / iOS 1-4 | No | No |
| Secure Transport OS X 10.8-10.10 / iOS 5-8 | Yes[a] | No |
| SharkSSL | No | No |
| tinydtls [13] | No | Yes |
| wolfSSL (previously CyaSSL) | Yes | Yes |
| Implementation | DTLS 1.0 | DTLS 1.2 |
Applications
- Cisco AnyConnect VPN Client uses TLS and DTLS,[15] as does the AnyConnect-compatible open-source OpenConnect client
- Cisco InterCloud Fabric uses DTLS to form a tunnel between private and public/provider compute environments[16]
- f5 Networks Edge VPN Client uses TLS and DTLS[17]
- Web browsers: Google Chrome, Opera and Firefox support DTLS-SRTP[18] for WebRTC
Vulnerabilities
In February 2013 two researchers from Royal Holloway, University of London discovered an attack[19] which allowed them to recover plaintext from a DTLS connection using the OpenSSL implementation of DTLS when Cipher Block Chaining mode encryption was used.
See also
References
- ↑ RFC 4347
- ↑ 2.0 2.1 RFC 6347
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ RFC 4347
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ 6.0 6.1 Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ 12.0 12.1 Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Plaintext-Recovery Attacks Against Datagram TLS
External links
- Lua error in package.lua at line 80: module 'strict' not found.
- Lua error in package.lua at line 80: module 'strict' not found.
- Lua error in package.lua at line 80: module 'strict' not found.
- Lua error in package.lua at line 80: module 'strict' not found. Skip to 1:07:14.
- Robin Seggelmann's Sample Code: echo, character generator, and discard client/servers.
This article is based on material taken from the Free On-line Dictionary of Computing prior to 1 November 2008 and incorporated under the "relicensing" terms of the GFDL, version 1.3 or later.
