Datagram Transport Layer Security
Template:Distinguish Template:Short description Datagram Transport Layer Security (DTLS) is a communications protocol providing security to datagram-based applications by allowing them to communicate in a way designedTemplate:Ref RFCTemplate:Ref RFCTemplate:Ref RFC to prevent eavesdropping, tampering, or message forgery. The DTLS protocol is based on the stream-oriented Transport Layer Security (TLS) protocol and is intended to provide similar security guarantees. The DTLS protocol datagram preserves the semantics of the underlying transport—the application does not suffer from the delays associated with stream protocols, but because it uses User Datagram Protocol (UDP) or Stream Control Transmission Protocol (SCTP), the application has to deal with packet reordering, loss of datagram and data larger than the size of a datagram network packet. Because DTLS uses UDP or SCTP rather than TCP it avoids the TCP meltdown problem<ref>{{#invoke:citation/CS1|citation |CitationClass=web }}</ref><ref>Template:Cite conference</ref> when being used to create a VPN tunnel.
DefinitionEdit
The following documents define DTLS:
- Template:IETF RFC from May 2008Template:Ref RFC for use with Datagram Congestion Control Protocol (DCCP)
- Template:IETF RFC from March 2009Template:Ref RFC for use with Control And Provisioning of Wireless Access Points (CAPWAP)
- Template:IETF RFC from May 2010Template:Ref RFC for use with Secure Real-time Transport Protocol (SRTP) subsequently called DTLS-SRTP in a draft with Secure Real-Time Transport Control Protocol (SRTCP)<ref>{{#invoke:citation/CS1|citation
|CitationClass=web }}</ref>
- Template:IETF RFC from January 2011Template:Ref RFC for use with Stream Control Transmission Protocol (SCTP) encapsulation
- Template:IETF RFC from April 2022Template:Ref RFC for use with User Datagram Protocol (UDP)
DTLS 1.0 is based on TLS 1.1, DTLS 1.2 is based on TLS 1.2, and DTLS 1.3 is based on TLS 1.3. There is no DTLS 1.1 because this version-number was skipped in order to harmonize version numbers with TLS.Template:Ref RFC Like previous DTLS versions, DTLS 1.3 is intended to provide "equivalent security guarantees [to TLS 1.3] with the exception of order protection/non-replayability".<ref>{{#invoke:citation/CS1|citation |CitationClass=web }}</ref>
ImplementationsEdit
LibrariesEdit
Template:Main article Template:More citations needed
| Implementation | DTLS 1.0Template:Ref RFC | DTLS 1.2Template:Ref RFC | DTLS 1.3Template:Ref RFC | ||
|---|---|---|---|---|---|
| Botan | Template:Yes | Template:Yes | |||
| cryptlib | Template:No | Template:No | |||
| GnuTLS | Template:Yes | Template:Yes | |||
| Java Secure Socket Extension | Template:Yes | Template:Yes | |||
| LibreSSL | Template:Yes | Template:Yes<ref name=libressl-3.3.2-relnotes>{{#invoke:citation/CS1|citation | CitationClass=web
}}</ref> |
||
| citation | CitationClass=web
}}</ref> || Template:Yes || Template:No |
||||
| MatrixSSL | Template:Yes | Template:Yes | |||
| mbed TLS (previously PolarSSL) | Template:Yes<ref name=mbedtls-2.0.0>{{#invoke:citation/CS1|citation | CitationClass=web
}}</ref> |
Template:Yes<ref name=mbedtls-2.0.0/> | ||
| Network Security Services | Template:Yes<ref name=NSS-3.14>{{#invoke:citation/CS1|citation | CitationClass=web
}}</ref> |
Template:Yes<ref name=NSS-3.16.2>{{#invoke:citation/CS1|citation | CitationClass=web
}}</ref> |
|
| OpenSSL | Template:Yes | Template:Yes<ref name=OpenSSL-1.0.2>{{#invoke:citation/CS1|citation | CitationClass=web
}}</ref> |
||
| citation | CitationClass=web
}}</ref><ref>{{#invoke:citation/CS1|citation |
CitationClass=web
}}</ref> || Template:Yes || Template:Yes |
|||
| citation | CitationClass=web
}}</ref><ref>{{#invoke:citation/CS1|citation |
CitationClass=web
}}</ref> || Template:Yes || Template:Yes |
|||
| RSA BSAFE | Template:No | Template:No | |||
| s2n | Template:No | Template:No | |||
| Schannel XP/2003, Vista/2008 | Template:No | Template:No | |||
| Schannel 7/2008R2, 8/2012, 8.1/2012R2, 10 | Template:Yes<ref name=MS2574819>{{#invoke:citation/CS1|citation | CitationClass=web
}}</ref> |
Template:No<ref name=MS2574819 /> | ||
| Schannel 10 (1607), 2016 | Template:Yes | Template:Yes<ref>{{#invoke:citation/CS1|citation | CitationClass=web
}}</ref> |
||
| Secure Transport OS X 10.2–10.7 / iOS 1–4 | Template:No | Template:No | |||
| Secure Transport OS X 10.8–10.10 / iOS 5–8 | Template:Yes<ref>{{#invoke:citation/CS1|citation | CitationClass=web
}}</ref> |
Template:No | ||
| SharkSSL | Template:No | Template:No | |||
| citation | CitationClass=web
}}</ref> |
Template:No | Template:Yes | ||
| citation | CitationClass=web
}}</ref> |
Template:No | Template:Yes | ||
| wolfSSL (previously CyaSSL)<ref>{{#invoke:citation/CS1|citation | CitationClass=web
}}</ref> |
Template:Yes | Template:Yes | Template:Yes | |
| citation | CitationClass=web
}}</ref><ref>{{#invoke:citation/CS1|citation |
CitationClass=web
}}</ref> |
Template:No | Template:Yes | |
| citation | CitationClass=web
}}</ref> |
Template:Yes | Template:Yes | ||
| citation | CitationClass=web
}}</ref> (Go) || Template:No || Template:Yes |
||||
| citation | CitationClass=web
}}</ref> (Java) || Template:No || Template:Yes |
||||
| citation | CitationClass=web
}}</ref> (Java) || Template:Yes || Template:Yes |
||||
| Implementation | DTLS 1.0 | DTLS 1.2 | DTLS 1.3 |
ApplicationsEdit
- Cisco AnyConnect VPN Client uses TLS and invented DTLS-based VPN.<ref>{{#invoke:citation/CS1|citation
|CitationClass=web }}</ref>
- OpenConnect is an open source AnyConnect-compatible client and ocserv server that supports (D)TLS.<ref>{{#invoke:citation/CS1|citation
|CitationClass=web }}</ref>
- Cisco InterCloud Fabric uses DTLS to form a tunnel between private and public/provider compute environments.<ref>{{#invoke:citation/CS1|citation
|CitationClass=web }}</ref>
- Cato Networks utilizes DTLS v1.2 for the underlay tunnel used by both the Cato Socket and Cato ZTNA (formerly SDP) client when forming tunnels to the Cato POPs <ref>{{#invoke:citation/CS1|citation
|CitationClass=web }}</ref> and when forming off-cloud tunnels between Cato sockets.<ref>{{#invoke:citation/CS1|citation |CitationClass=web }}</ref>
- ZScaler tunnel 2.0 for ZScaler Internet Access (ZIA) uses DTLS for tunneling. ZScaler Private Access (ZPA) does not support DTLS <ref>{{#invoke:citation/CS1|citation
|CitationClass=web }}</ref>
- F5 Networks Edge VPN Client uses TLS and DTLS.<ref>{{#invoke:citation/CS1|citation
|CitationClass=web }}</ref>
- Fortinet's SSL VPN<ref>{{#invoke:citation/CS1|citation
|CitationClass=web }}</ref> and Array Networks SSL VPN<ref>{{#invoke:citation/CS1|citation |CitationClass=web }}</ref> also use DTLS for VPN tunneling.
- Citrix Systems NetScaler uses DTLS to secure UDP.<ref>{{#invoke:citation/CS1|citation
|CitationClass=web }}</ref>
- Web browsers: Google Chrome, Opera and Firefox support DTLS-SRTP<ref>{{#invoke:citation/CS1|citation
|CitationClass=web }}</ref> for WebRTC. Firefox 86 and onward does not support DTLS 1.0.<ref>{{#invoke:citation/CS1|citation |CitationClass=web }}</ref>
- Remote Desktop Protocol 8.0 and onwards.
VulnerabilitiesEdit
In February 2013 two researchers from Royal Holloway, University of London discovered a timing attack<ref name="praad-tls">{{#invoke:citation/CS1|citation |CitationClass=web }}</ref> which allowed them to recover (parts of the) plaintext from a DTLS connection using the OpenSSL or GnuTLS implementation of DTLS when Cipher Block Chaining mode encryption was used.
See alsoEdit
ReferencesEdit
External linksEdit
- {{#invoke:citation/CS1|citation
|CitationClass=web }}
- {{#invoke:citation/CS1|citation
|CitationClass=web }}
- {{#invoke:citation/CS1|citation
|CitationClass=web }}
- {{#invoke:citation/CS1|citation
|CitationClass=web }} Skip to 1:07:14.
- Robin Seggelmann's Sample Code: echo, character generator, and discard client/servers.
- The Illustrated DTLS Connection