Datagram Transport Layer Security
In information technology, the Datagram Transport Layer Security (DTLS) protocol provides communications privacy for datagram protocols. DTLS allows datagram-based applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. The DTLS protocol is based on the stream-oriented Transport Layer Security (TLS) protocol and is intended to provide similar security guarantees. The datagram semantics of the underlying transport are preserved by the DTLS protocol — the application will not suffer from the delays associated with stream protocols, but will have to deal with packet reordering, loss of datagram and data larger than a datagram network packet size.
Contents
Definition[edit]
The following documents define DTLS:
- RFC 6347 for use with User Datagram Protocol (UDP),
- RFC 5238 for use with Datagram Congestion Control Protocol (DCCP),
- RFC 6083 for use with Stream Control Transmission Protocol (SCTP) encapsulation,
- RFC 5764 for use with Secure Real-time Transport Protocol (SRTP) subsequently called DTLS-SRTP in a draft with Secure Real-Time Transport Control Protocol (SRTCP).[1]
DTLS 1.0 is based on TLS 1.1, and DTLS 1.2 is based on TLS 1.2.
| Version | DTLS 1.0 | DTLS 1.2 |
|---|---|---|
| Based on | TLS 1.1 | TLS 1.2 |
Implementations[edit]
Libraries[edit]
| Implementation | DTLS 1.0[2] | DTLS 1.2[3] |
|---|---|---|
| Botan | Yes | Yes |
| cryptlib | No | No |
| GnuTLS | Yes | Yes |
| Java Secure Socket Extension | No | No |
| LibreSSL | Yes | No |
| libsystools[4] | Yes | No |
| MatrixSSL | Yes | Yes |
| mbed TLS (previously PolarSSL) | Beta[5] | Beta[5] |
| Network Security Services | Yes[6] | Yes[7] |
| OpenSSL | Yes | Yes[8] |
| Python[9][10] | Yes | No |
| RSA BSAFE | No | No |
| SChannel XP/2003, Vista/2008 | No | No |
| SChannel 7/2008R2, 8/2012, 8.1/2012R2, 10 Technical Preview | Yes[11] | Yes[11] |
| Secure Transport OS X 10.2-10.7 / iOS 1-4 | No | No |
| Secure Transport OS X 10.8-10.10 / iOS 5-8 | Yes[a] | No |
| SharkSSL | No | No |
| wolfSSL (previously CyaSSL) | Yes | Yes |
| Implementation | DTLS 1.0 | DTLS 1.2 |
Applications[edit]
- Cisco AnyConnect VPN Client uses TLS and DTLS,[13] as does the AnyConnect-compatible open-source OpenConnect client
- f5 Networks Edge VPN Client uses TLS and DTLS[14]
- Web browsers: Google Chrome, Opera and Firefox support DTLS-SRTP[15] for WebRTC
Vulnerabilities[edit]
In February 2013 two researchers from Royal Holloway, University of London discovered an attack[16] which allowed them to recover plaintext from a DTLS connection when Cipher Block Chaining mode encryption was used.
See also[edit]
References[edit]
- ^ Peck, M.; Igoe, K. (2012-09-25). "Suite B Profile for Datagram Transport Layer Security / Secure Real-time Transport Protocol (DTLS-SRTP)". IETF.
- ^ RFC 4347
- ^ RFC 6347
- ^ Julien Kauffmann. "libsystools: A TLS/DTLS open source library for Windows/Linux using OpenSSL". Sourceforge.
- ^ a b "mbed TLS 1.4 DTLS preview release". 2015-02-16. Retrieved 2015-03-01.
- ^ "NSS 3.14 release notes". Mozilla Developer Network. Mozilla. Retrieved 2012-10-27.
- ^ "NSS 3.16.2 release notes". Mozilla Developer Network. Mozilla. 2014-06-30. Retrieved 2014-06-30.
- ^ "As of version 1.0.2". The OpenSSL Project. The OpenSSL Project. 2015-01-22. Retrieved 2015-01-26.
- ^ Ray Brown. "pydtls - Datagram Transport Layer Security for Python". GitHub.
- ^ Ray Brown. "DTLS for Python". Python Software Foundation.
- ^ a b "An update is available that adds support for DTLS in Windows 7 SP1 and Windows Server 2008 R2 SP1". Microsoft. Retrieved 13 November 2012.
- ^ "Technical Note TN2287: iOS 5 and TLS 1.2 Interoperability Issues". iOS Developer Library. Apple Inc. Retrieved 2012-05-03.
- ^ "Cisco AnyConnect VPN Client". Cisco.
- ^ "f5 Datagram Transport Layer Security (DTLS)". f5_Networks.
- ^ "WebRTC Interop Notes".
- ^ Plaintext-Recovery Attacks Against Datagram TLS
External links[edit]
- "Transport Layer Security (tls) - Charter". IETF.
- Modadugu, Nagendra; Rescorla, Eric (2003-11-21). "The Design and Implementation of Datagram TLS". Stanford Crypto Group. Retrieved 2013-03-17.
- AlFardan, Nadhem J.; Paterson, Kenneth G. "Plaintext-Recovery Attacks Against Datagram TLS". Retrieved 2013-11-25.
- Gibson, Steve; Laporte, Leo (2012-11-28). "Datagram Transport Layer Security". Security Now 380. Retrieved 2013-03-17. Skip to 1:07:14.
- Robin Seggelmann's Sample Code: echo, character generator, and discard client/servers.
|
||||||||||||||||||||||||||||||||
This article is based on material taken from the Free On-line Dictionary of Computing prior to 1 November 2008 and incorporated under the "relicensing" terms of the GFDL, version 1.3 or later.
 |
This cryptography-related article is a stub. You can help Wikipedia by expanding it. |
 |
This Internet-related article is a stub. You can help Wikipedia by expanding it. |
