Jump to content

Datagram Transport Layer Security

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 2a02:6b8:0:40c:64b2:6d8c:4ab2:4e9b (talk) at 10:35, 27 December 2013 (→‎Vulnerabilities: add reference to attack PDF). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

In information technology, the Datagram Transport Layer Security (DTLS) protocol provides communications privacy for datagram protocols. DTLS allows datagram-based applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. The DTLS protocol is based on the stream-oriented Transport Layer Security (TLS) protocol and is intended to provide similar security guarantees. The datagram semantics of the underlying transport are preserved by the DTLS protocol — the application will not suffer from the delays associated with stream protocols, but will have to deal with packet reordering, loss of datagram and data larger than a datagram packet size.

Definition

The following documents define DTLS:

DTLS 1.0 is based on TLS 1.1, and DTLS 1.2 is based on TLS 1.2.

TLS basis of DTLS
Version DTLS 1.0 DTLS 1.2
Based on TLS 1.1 TLS 1.2

Implementations

Libraries

Main article: Comparison of TLS implementations § Protocol Support
Library support for DTLS
Software DTLS 1.0 DTLS 1.2
OpenSSL Yes Beta[2]
GnuTLS Yes Yes[3]
MatrixSSL Yes Yes
NSS Beta[4][5] No[5]
SChannel Yes[a][6] No[6]
Secure Transport Yes No
CyaSSL Yes Yes
libsystools[7] Yes No
Python[8][9] Yes No
PolarSSL No No

Notes:

  • a) DTLS 1.0 support on Windows 7 SP1 and Windows Server 2008 R2 SP1 with update KB2574819

Applications

Vulnerabilities

In February 2013 two researchers from the University of London discovered an attack[12] which allowed them to recover plaintext from a DTLS connection when Cipher Block Chaining mode encryption was used.

See also

References

  1. ^ Peck, M.; Igoe, K. (2012-09-25). "Suite B Profile for Datagram Transport Layer Security / Secure Real-time Transport Protocol (DTLS-SRTP)". IETF.
  2. ^ http://www.openssl.org/news/changelog.html
  3. ^ http://packages.debian.org/jessie/gnutls-bin
  4. ^ "NSS 3.14 release notes". Mozilla Developer Network. Mozilla. 2012-12-18. Retrieved 2013-03-17.
  5. ^ a b "Bug 681065 - (dtls) Implement DTLS (Datagram TLS) in libssl". Mozilla. Retrieved 2013-11-18.
  6. ^ a b "An update is available that adds support for DTLS in Windows 7 SP1 and Windows Server 2008 R2 SP1". Microsoft. 2013-01-21. Retrieved 2013-03-17.
  7. ^ Julien Kauffmann. "libsystools: A TLS/DTLS open source library for Windows/Linux using OpenSSL". Sourceforge.
  8. ^ Ray Brown. "pydtls - Datagram Transport Layer Security for Python". GitHub.
  9. ^ Ray Brown. "Dtls 0.1.0 - DTLS for Python". Python Software Foundation.
  10. ^ "Cisco AnyConnect VPN Client". Cisco.
  11. ^ "WebRTC Interop Notes". {{cite web}}: Cite has empty unknown parameter: |1= (help)
  12. ^ Plaintext-Recovery Attacks Against Datagram TLS

This article is based on material taken from the Free On-line Dictionary of Computing prior to 1 November 2008 and incorporated under the "relicensing" terms of the GFDL, version 1.3 or later.

Stub icon

This cryptography-related article is a stub. You can help Wikipedia by expanding it.

Stub icon

This Internet-related article is a stub. You can help Wikipedia by expanding it.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Datagram_Transport_Layer_Security&oldid=587895112"