Datagram Transport Layer Security

Datagram Transport Layer Security (DTLS) is a communications protocol that provides security for datagram-based applications by allowing them to communicate in a way that is designed[1][2] to prevent eavesdropping, tampering, or message forgery. The DTLS protocol is based on the stream-oriented Transport Layer Security (TLS) protocol and is intended to provide similar security guarantees. The DTLS protocol datagram preserves the semantics of the underlying transport — the application does not suffer from the delays associated with stream protocols, but has to deal with packet reordering, loss of datagram and data larger than the size of a datagram network packet.

Definition

The following documents define DTLS:

DTLS 1.0 is based on TLS 1.1, and DTLS 1.2 is based on TLS 1.2.

Implementations

Libraries

Library support for DTLS
Implementation DTLS 1.0[1] DTLS 1.2[2]
Botan Yes Yes
cryptlib No No
GnuTLS Yes Yes
Java Secure Socket Extension Yes Yes
LibreSSL Yes No
libsystools[4] Yes No
MatrixSSL Yes Yes
mbed TLS (previously PolarSSL) Yes[5] Yes[5]
Network Security Services Yes[6] Yes[7]
OpenSSL Yes Yes[8]
PyDTLS[9][10] Yes Yes
RSA BSAFE No No
SChannel XP/2003, Vista/2008 No No
SChannel 7/2008R2, 8/2012, 8.1/2012R2, 10 Yes[11] No[11]
SChannel 10 (1607), 2016 Yes Yes[12]
Secure Transport OS X 10.2-10.7 / iOS 1-4 No No
Secure Transport OS X 10.8-10.10 / iOS 5-8 Yes[a] No
SharkSSL No No
tinydtls [13] No Yes
wolfSSL (previously CyaSSL) Yes Yes
Implementation DTLS 1.0 DTLS 1.2
  1. ^ DTLS 1.0 are available on iOS 5.0 and later, and OS X 10.8 and later.[14]

Applications

Vulnerabilities

In February 2013 two researchers from Royal Holloway, University of London discovered an attack[20] which allowed them to recover plaintext from a DTLS connection using the OpenSSL implementation of DTLS when Cipher Block Chaining mode encryption was used.

See also

References

  1. 1 2 RFC 4347
  2. 1 2 RFC 6347
  3. Peck, M.; Igoe, K. (2012-09-25). "Suite B Profile for Datagram Transport Layer Security / Secure Real-time Transport Protocol (DTLS-SRTP)". IETF.
  4. Julien Kauffmann. "libsystools: A TLS/DTLS open source library for Windows/Linux using OpenSSL". Sourceforge.
  5. 1 2 "mbed TLS 2.0.0 released". ARM. 2015-07-13. Retrieved 2015-08-25.
  6. "NSS 3.14 release notes". Mozilla Developer Network. Mozilla. Retrieved 2012-10-27.
  7. "NSS 3.16.2 release notes". Mozilla Developer Network. Mozilla. 2014-06-30. Retrieved 2014-06-30.
  8. "As of version 1.0.2". The OpenSSL Project. The OpenSSL Project. 2015-01-22. Retrieved 2015-01-26.
  9. Ray Brown. "pydtls - Datagram Transport Layer Security for Python". GitHub.
  10. Ray Brown. "DTLS for Python". Python Software Foundation.
  11. 1 2 "An update is available that adds support for DTLS in Windows 7 SP1 and Windows Server 2008 R2 SP1". Microsoft. Retrieved 13 November 2012.
  12. Justinha. "TLS (Schannel SSP)". docs.microsoft.com. Retrieved 2017-05-01.
  13. Olaf Bergmann. "tinydtls". Eclipse Foundation.
  14. "Technical Note TN2287: iOS 5 and TLS 1.2 Interoperability Issues". iOS Developer Library. Apple Inc. Retrieved 2012-05-03.
  15. "AnyConnect FAQ: tunnels, reconnect behavior, and the inactivity timer". Cisco. Retrieved 26 February 2017.
  16. "Cisco InterCloud Architectural Overview" (PDF). Cisco Systems.
  17. "f5 Datagram Transport Layer Security (DTLS)". f5 Networks.
  18. "Configuring a DTLS Virtual Server". Citrix Systems.
  19. "WebRTC Interop Notes". Archived from the original on 2013-05-11.
  20. Plaintext-Recovery Attacks Against Datagram TLS

This article is based on material taken from the Free On-line Dictionary of Computing prior to 1 November 2008 and incorporated under the "relicensing" terms of the GFDL, version 1.3 or later.

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.