Datagram Transport Layer Security

Source: Wikipedia, the free encyclopedia.

Datagram Transport Layer Security (DTLS) is a

packet reordering, loss of datagrams, and data larger than the size of a datagram network packet. Because DTLS uses UDP or SCTP rather than TCP, it avoids the "TCP meltdown problem"[4][5] when used to create a VPN tunnel.
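The reordering and loss just mentioned are handled at the DTLS record layer with an explicit record number and, on the receiver, an optional sliding anti-replay window of the kind RFC 6347 borrows from IPsec. The following Python is an added illustration written for this article; it is not code from the Wikipedia page or from any DTLS library. It assumes the DTLS 1.2 header layout (16-bit epoch followed by a 48-bit sequence_number, compared as one 64-bit value), a 64-record window, and the hypothetical helper names `ReplayWindow`, `receive` and `run_demo`; the arrival sequence it processes is constructed for the demo.

```python
"""Sliding-window anti-replay check of the kind DTLS uses at the record layer.

Added illustration, not code from any DTLS implementation. Assumes the RFC 6347
layout (16-bit epoch || 48-bit sequence_number, ordered as one 64-bit number)
and a 64-record window, the minimum RFC 6347 recommends.
"""
from dataclasses import dataclass

WINDOW_BITS = 64  # assumed window width


def record_number(epoch: int, seq: int) -> int:
    """Combine epoch and sequence_number the way a DTLS 1.2 receiver orders records."""
    if not (0 <= epoch < 1 << 16 and 0 <= seq < 1 << 48):
        raise ValueError("epoch must be 16-bit and sequence_number 48-bit")
    return (epoch << 48) | seq


@dataclass
class ReplayWindow:
    width: int = WINDOW_BITS
    right: int = -1   # highest record number accepted so far; -1 means nothing yet
    bitmap: int = 0   # bit i set  <=>  record number (right - i) already accepted

    def classify(self, rn: int) -> str:
        """Return 'fresh', 'duplicate' or 'stale'. Read-only: call update() only
        after the record's MAC/AEAD tag has verified, so forgeries cannot move the window."""
        if rn > self.right:
            return "fresh"
        age = self.right - rn
        if age >= self.width:
            return "stale"          # older than the window remembers: drop it
        return "duplicate" if (self.bitmap >> age) & 1 else "fresh"

    def update(self, rn: int) -> None:
        """Record an authenticated record number, sliding the window right if needed."""
        if rn > self.right:
            shift = rn - self.right
            if self.right < 0 or shift >= self.width:
                self.bitmap = 1     # everything previously tracked is now out of range
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.width) - 1)
            self.right = rn
        else:
            self.bitmap |= 1 << (self.right - rn)


def receive(window: ReplayWindow, epoch: int, seq: int, tag_ok: bool) -> str:
    """One record through the receiver: replay check, then tag check, then window update."""
    rn = record_number(epoch, seq)
    verdict = window.classify(rn)
    if verdict != "fresh":
        return verdict
    if not tag_ok:
        return "bad-tag"            # discarded silently; the window is left untouched
    window.update(rn)
    return "accept"


# Constructed arrival sequence (epoch, sequence_number, tag verified?) exercising
# reordering, loss, duplication, a forged record and an epoch change.
SAMPLE_ARRIVALS = [
    (0, 0, True),    # first record
    (0, 1, True),
    (0, 3, True),    # 2 is late or lost
    (0, 2, True),    # 2 arrives late but inside the window: still accepted
    (0, 2, True),    # replayed copy of 2
    (0, 70, True),   # jump of 67 slides the window past everything tracked
    (0, 3, True),    # too old to tell apart from a replay: dropped
    (0, 60, False),  # forged record with a bad tag: not recorded
    (0, 60, True),   # the genuine 60 is still accepted afterwards
    (1, 0, True),    # new epoch after a key change sorts above all epoch-0 records
    (0, 71, True),   # late epoch-0 record after the epoch change: stale
    (1, 0, True),    # replay of the first epoch-1 record
]


def run_demo(arrivals=SAMPLE_ARRIVALS):
    """Feed the constructed sequence through one receiver and return each verdict."""
    window = ReplayWindow()
    return [receive(window, epoch, seq, ok) for epoch, seq, ok in arrivals]


if __name__ == "__main__":
    for arrival, verdict in zip(SAMPLE_ARRIVALS, run_demo()):
        print(arrival, "->", verdict)
```

The order inside `receive` is the security-relevant detail: the window is only advanced after the tag verifies, otherwise an attacker who can inject unauthenticated datagrams could push the window forward and cause genuine, delayed records to be dropped as stale.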

Definition

The following documents define DTLS:

DTLS 1.0 is based on TLS 1.1, DTLS 1.2 is based on TLS 1.2, and DTLS 1.3 is based on TLS 1.3. There is no DTLS 1.1 because this version number was skipped in order to harmonize version numbers with TLS.[2] Like previous DTLS versions, DTLS 1.3 is intended to provide "equivalent security guarantees [to TLS 1.3] with the exception of order protection/non-replayability".[7]

Implementations

Libraries

Library support for DTLS (blank cell: no entry given)

Implementation                                DTLS 1.0[1]   DTLS 1.2[2]   DTLS 1.3[3]
Botan                                         Yes           Yes
cryptlib                                      No            No
GnuTLS                                        Yes           Yes
Java Secure Socket Extension                  Yes           Yes
LibreSSL                                      Yes           Yes[8]
libsystools[9]                                Yes           No
MatrixSSL                                     Yes           Yes
mbed TLS (previously PolarSSL)                Yes[10]       Yes[10]
Network Security Services                     Yes[11]       Yes[12]
OpenSSL                                       Yes           Yes[13]
PyDTLS[14][15]                                Yes           Yes
Python3-dtls[16][17]                          Yes           Yes
RSA BSAFE                                     No            No
s2n                                           No            No
Schannel XP/2003, Vista/2008                  No            No
Schannel 7/2008R2, 8/2012, 8.1/2012R2, 10     Yes[18]       No[18]
Schannel 10 (1607), 2016                      Yes           Yes[19]
Secure Transport OS X 10.2–10.7 / iOS 1–4     No            No
Secure Transport OS X 10.8–10.10 / iOS 5–8    Yes[20]       No
SharkSSL                                      No            No
tinydtls[21]                                  No            Yes
Waher.Security.DTLS[22]                       No            Yes
wolfSSL (previously CyaSSL)[23]               Yes           Yes           Yes
@nodertc/dtls[24][25]                         No            Yes
java-dtls[26]                                 Yes           Yes
pion/dtls[27] (Go)                            No            Yes
californium/scandium[28] (Java)               No            Yes
SNF4J[29] (Java)                              Yes           Yes

Applications

Vulnerabilities

In February 2013 two researchers from Royal Holloway, University of London discovered a timing attack

Cipher Block Chaining mode encryption was used.

See also

References

  1.
  2.
  3.
  4. Titz, Olaf (2001-04-23). "Why TCP Over TCP Is A Bad Idea". Archived from the original on 2023-03-10. Retrieved 2015-10-17.
  5. S2CID 8945952.
  6. IETF.
  7. "The Datagram Transport Layer Security (DTLS) Protocol Version 1.3".
  8. "LibreSSL 3.3.2 Release Notes". The OpenBSD Project. 2021-05-01. Retrieved 2021-06-13.
  9. Julien Kauffmann. "libsystools: A TLS/DTLS open source library for Windows/Linux using OpenSSL". SourceForge.
  10. "mbed TLS 2.0.0 released". ARM. 2015-07-13. Retrieved 2015-08-25.
  11. "NSS 3.14 release notes". Mozilla Developer Network. Mozilla. Archived from the original on 2013-01-17. Retrieved 2012-10-27.
  12. "NSS 3.16.2 release notes". Mozilla Developer Network. Mozilla. 2014-06-30. Archived from the original on 2021-12-07. Retrieved 2014-06-30.
  13. "As of version 1.0.2". The OpenSSL Project. 2015-01-22. Archived from the original on 2014-09-04. Retrieved 2015-01-26.
  14. Ray Brown. "pydtls - Datagram Transport Layer Security for Python". GitHub.
  15. Ray Brown. "DTLS for Python". Python Software Foundation.
  16. Ray Brown/Mobius Software LTD. "pydtls - Datagram Transport Layer Security for Python". GitHub.
  17. Ray Brown/Mobius Software LTD. "DTLS for Python3 Based on PyDTLS". Python Software Foundation.
  18. "An update is available that adds support for DTLS in Windows 7 SP1 and Windows Server 2008 R2 SP1". Microsoft. Retrieved 13 November 2012.
  19. Justinha. "TLS (Schannel SSP) changes in Windows 10 and Windows Server 2016". docs.microsoft.com. Retrieved 2017-09-01.
  20. "Technical Note TN2287: iOS 5 and TLS 1.2 Interoperability Issues". iOS Developer Library. Apple Inc. Retrieved 2012-05-03.
  21. Olaf Bergmann. "tinydtls". Eclipse Foundation.
  22. Peter Waher. "Waher.Security.DTLS". Waher Data AB.
  23. "wolfSSL Embedded SSL/TLS Library".
  24. Dmitriy Tsvettsikh. "Secure UDP communications using DTLS in pure js". GitHub.
  25. npm.
  26. Mobius Software LTD. "Non blocking Java DTLS Implementation based on BouncyCastle and Netty". Mobius Software LTD.
  27. Sean DuBois. "pion/dtls: DTLS 1.2 Server/Client implementation for Go". GitHub.
  28. "californium/scandium: DTLS 1.2 Server/Client implementation for java and coap. Includes connection id extension". Eclipse Foundation.
  29. SNF4J.ORG. "Simple Network Framework for Java (SNF4J)". GitHub.
  30. "AnyConnect FAQ: tunnels, reconnect behavior, and the inactivity timer". Cisco. Retrieved 26 February 2017.
  31. "OpenConnect". OpenConnect. Retrieved 26 February 2017.
  32. Cisco Systems.
  33. ZScaler.
  34. f5 Networks.
  35. "Configuring a DTLS Virtual Server". Citrix Systems.
  36. "WebRTC Interop Notes". Archived from the original on 2013-05-11.
  37. "Firefox 86.0, See All New Features, Updates and Fixes". Mozilla. 2021-02-23. Archived from the original on 2021-02-22. Retrieved 2021-02-23. "From Firefox 86 onward, DTLS 1.0 is no longer supported for establishing WebRTC's PeerConnections. All WebRTC services need to support DTLS 1.2 from now on as the minimum version."
  38. "Plaintext-Recovery Attacks Against Datagram TLS" (PDF).

External links