Datagram Transport Layer Security

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

Datagram Transport Layer Security (DTLS) is a communications protocol that provides security for datagram-based applications by allowing them to communicate in a way that is designed[1][2] to prevent eavesdropping, tampering, or message forgery. The DTLS protocol is based on the stream-oriented Transport Layer Security (TLS) protocol and is intended to provide similar security guarantees. The DTLS protocol datagram preserves the semantics of the underlying transport — the application does not suffer from the delays associated with stream protocols, but has to deal with packet reordering, loss of datagram and data larger than the size of a datagram network packet.


The following documents define DTLS:

DTLS 1.0 is based on TLS 1.1, and DTLS 1.2 is based on TLS 1.2. There is no DTLS 1.1; that version number was skipped in order to harmonize version numbers with TLS.[2]



Library support for DTLS
Implementation DTLS 1.0[1] DTLS 1.2[2]
Botan Yes Yes
cryptlib No No
GnuTLS Yes Yes
Java Secure Socket Extension Yes Yes
LibreSSL Yes No
libsystools[4] Yes No
MatrixSSL Yes Yes
mbed TLS (previously PolarSSL) Yes[5] Yes[5]
Network Security Services Yes[6] Yes[7]
OpenSSL Yes Yes[8]
PyDTLS[9][10] Yes Yes
s2n No No
SChannel XP/2003, Vista/2008 No No
SChannel 7/2008R2, 8/2012, 8.1/2012R2, 10 Yes[11] No[11]
SChannel 10 (1607), 2016 Yes Yes[12]
Secure Transport OS X 10.2–10.7 / iOS 1–4 No No
Secure Transport OS X 10.8–10.10 / iOS 5–8 Yes[13] No
SharkSSL No No
tinydtls [14] No Yes
Waher.Security.DTLS [15] No Yes
wolfSSL (previously CyaSSL) Yes Yes
Implementation DTLS 1.0 DTLS 1.2



In February 2013 two researchers from Royal Holloway, University of London discovered an attack[21] which allowed them to recover plaintext from a DTLS connection using the OpenSSL implementation of DTLS when Cipher Block Chaining mode encryption was used.

See also[edit]


  1. ^ a b RFC 4347
  2. ^ a b c RFC 6347
  3. ^ Peck, M.; Igoe, K. (2012-09-25). "Suite B Profile for Datagram Transport Layer Security / Secure Real-time Transport Protocol (DTLS-SRTP)". IETF. 
  4. ^ Julien Kauffmann. "libsystools: A TLS/DTLS open source library for Windows/Linux using OpenSSL". Sourceforge. 
  5. ^ a b "mbed TLS 2.0.0 released". ARM. 2015-07-13. Retrieved 2015-08-25. 
  6. ^ "NSS 3.14 release notes". Mozilla Developer Network. Mozilla. Retrieved 2012-10-27. 
  7. ^ "NSS 3.16.2 release notes". Mozilla Developer Network. Mozilla. 2014-06-30. Retrieved 2014-06-30. 
  8. ^ "As of version 1.0.2". The OpenSSL Project. The OpenSSL Project. 2015-01-22. Retrieved 2015-01-26. 
  9. ^ Ray Brown. "pydtls - Datagram Transport Layer Security for Python". GitHub. 
  10. ^ Ray Brown. "DTLS for Python". Python Software Foundation. 
  11. ^ a b "An update is available that adds support for DTLS in Windows 7 SP1 and Windows Server 2008 R2 SP1". Microsoft. Retrieved 13 November 2012. 
  12. ^ Justinha. "TLS (Schannel SSP) changes in Windows 10 and Windows Server 2016". Retrieved 2017-09-01. 
  13. ^ "Technical Note TN2287: iOS 5 and TLS 1.2 Interoperability Issues". iOS Developer Library. Apple Inc. Retrieved 2012-05-03. 
  14. ^ Olaf Bergmann. "tinydtls". Eclipse Foundation. 
  15. ^ Peter Waher. "Waher.Security.DTLS". Waher Data AB. 
  16. ^ "AnyConnect FAQ: tunnels, reconnect behavior, and the inactivity timer". Cisco. Retrieved 26 February 2017. 
  17. ^ "Cisco InterCloud Architectural Overview" (PDF). Cisco Systems. 
  18. ^ "f5 Datagram Transport Layer Security (DTLS)". f5 Networks. 
  19. ^ "Configuring a DTLS Virtual Server". Citrix Systems. 
  20. ^ "WebRTC Interop Notes". Archived from the original on 2013-05-11. 
  21. ^ Plaintext-Recovery Attacks Against Datagram TLS

External links[edit]

This article is based on material taken from the Free On-line Dictionary of Computing prior to 1 November 2008 and incorporated under the "relicensing" terms of the GFDL, version 1.3 or later.