Datagram Transport Layer Security
In information technology, the Datagram Transport Layer Security (DTLS) protocol provides communications privacy for datagram protocols. DTLS allows datagram-based applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. The DTLS protocol is based on the stream-oriented Transport Layer Security (TLS) protocol and is intended to provide similar security guarantees. The datagram semantics of the underlying transport are preserved by the DTLS protocol — the application will not suffer from the delays associated with stream protocols, but will have to deal with packet reordering, loss of datagram and data larger than a datagram packet size.
Definition
The following documents define DTLS:
- RFC 6347 for use with User Datagram Protocol (UDP),
- RFC 5238 for use with Datagram Congestion Control Protocol (DCCP),
- RFC 6083 for use with Stream Control Transmission Protocol (SCTP) encapsulation,
- RFC 5764 for use with Secure Real-time Transport Protocol (SRTP) latterly called DTLS-SRTP in a draft with Secure Real-Time Transport Control Protocol (SRTCP).[1]
DTLS 1.0 is based on TLS 1.1, and DTLS 1.2 is based on TLS 1.2.
Version | DTLS 1.0 | DTLS 1.2 |
---|---|---|
Based on | TLS 1.1 | TLS 1.2 |
Implementations
Libraries
Software | DTLS 1.0 | DTLS 1.2 |
---|---|---|
OpenSSL | Yes | Beta[2] |
GnuTLS | Yes | Yes[3] |
MatrixSSL | Yes | Yes |
NSS | Beta[4][5] | No[5] |
SChannel | Yes[a][6] | No[6] |
Secure Transport | Yes | No |
CyaSSL | Yes | Yes |
libsystools[7] | Yes | No |
Python[8][9] | Yes | No |
PolarSSL | No | No |
Notes:
- a) DTLS 1.0 support on Windows 7 SP1 and Windows Server 2008 R2 SP1 with update KB2574819
Applications
- Cisco AnyConnect VPN Client that uses TLS and DTLS.[10] Also the compatible open-source OpenConnect client.
- Both Google Chrome and Firefox support DTLS-SRTP[11] for WebRTC.
Vulnerabilities
In February 2013 two researchers from the University of London discovered an attack[12] which allowed them to recover plaintext from a DTLS connection when Cipher Block Chaining mode encryption was used.
See also
References
- ^ Peck, M.; Igoe, K. (2012-09-25). "Suite B Profile for Datagram Transport Layer Security / Secure Real-time Transport Protocol (DTLS-SRTP)". IETF.
- ^ http://www.openssl.org/news/changelog.html
- ^ http://packages.debian.org/jessie/gnutls-bin
- ^ "NSS 3.14 release notes". Mozilla Developer Network. Mozilla. 2012-12-18. Retrieved 2013-03-17.
- ^ a b "Bug 681065 - (dtls) Implement DTLS (Datagram TLS) in libssl". Mozilla. Retrieved 2013-11-18.
- ^ a b "An update is available that adds support for DTLS in Windows 7 SP1 and Windows Server 2008 R2 SP1". Microsoft. 2013-01-21. Retrieved 2013-03-17.
- ^ Julien Kauffmann. "libsystools: A TLS/DTLS open source library for Windows/Linux using OpenSSL". Sourceforge.
- ^ Ray Brown. "pydtls - Datagram Transport Layer Security for Python". GitHub.
- ^ Ray Brown. "Dtls 0.1.0 - DTLS for Python". Python Software Foundation.
- ^ "Cisco AnyConnect VPN Client". Cisco.
- ^ "WebRTC Interop Notes".
{{cite web}}
: Cite has empty unknown parameter:|1=
(help) - ^ Plaintext-Recovery Attacks Against Datagram TLS
External links
- RFC 4347: Datagram Transport Layer Security
- RFC 6347: Datagram Transport Layer Security Version 1.2
- "Transport Layer Security (tls) - Charter". IETF.
- Modadugu, Nagendra; Rescorla, Eric (2003-11-21). "The Design and Implementation of Datagram TLS" (PDF). Stanford Crypto Group. Retrieved 2013-03-17.
- AlFardan, Nadhem J.; Paterson, Kenneth G. "Plaintext-Recovery Attacks Against Datagram TLS" (PDF). Retrieved 2013-11-25.
- Gibson, Steve; Laporte, Leo (2012-11-28). "Datagram Transport Layer Security". Security Now 380. Retrieved 2013-03-17. Skip to 1:07:14.
- Robin Seggelmann's Sample Code: echo, character generator, and discard client/servers.
This article is based on material taken from the Free On-line Dictionary of Computing prior to 1 November 2008 and incorporated under the "relicensing" terms of the GFDL, version 1.3 or later.