Datagram Transport Layer Security

From Wikipedia, the free encyclopedia
Jump to: navigation, search

In information technology, the Datagram Transport Layer Security (DTLS) protocol provides communications privacy for datagram protocols. DTLS allows datagram-based applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. The DTLS protocol is based on the stream-oriented Transport Layer Security (TLS) protocol and is intended to provide similar security guarantees. The datagram semantics of the underlying transport are preserved by the DTLS protocol — the application will not suffer from the delays associated with stream protocols, but will have to deal with packet reordering, loss of datagram and data larger than a datagram packet size.


The following documents define DTLS:

DTLS 1.0 is based on TLS 1.1, and DTLS 1.2 is based on TLS 1.2.

TLS basis of DTLS
Version DTLS 1.0 DTLS 1.2
Based on TLS 1.1 TLS 1.2



Library support for DTLS
Software DTLS 1.0 DTLS 1.2
OpenSSL Yes Beta[2]
GnuTLS Yes Yes[3]
MatrixSSL Yes Yes
NSS Beta[4][5] No[5]
SChannel Yes[a][6] Yes[6]
Secure Transport Yes No
CyaSSL Yes Yes
libsystools[7] Yes No
Python[8][9] Yes No
PolarSSL No No


  • a) DTLS support on Windows 7 SP1 and Windows Server 2008 R2 SP1 with update KB2574819



In February 2013 two researchers from the University of London discovered an attack[12] which allowed them to recover plaintext from a DTLS connection when Cipher Block Chaining mode encryption was used.

See also[edit]


External links[edit]

This article is based on material taken from the Free On-line Dictionary of Computing prior to 1 November 2008 and incorporated under the "relicensing" terms of the GFDL, version 1.3 or later.