=== Datagram Transport Layer Security ===
Datagram Transport Layer Security, abbreviated DTLS, is a related [[communications protocol]] providing [[communications security|security]] to [[datagram]]-based applications by allowing them to communicate in a way designed<ref name="RFC 4347">{{cite IETF|rfc=4347|title=Datagram Transport Layer Security|first1=Eric|last1=Rescorla|first2=Nagendra|last2=Modadugu|date=April 2006}}</ref><ref name="RFC 6347">{{cite IETF|rfc=6347|title=Datagram Transport Layer Security Version 1.2|first1=Eric|last1=Rescorla|first2=Nagendra|last2=Modadugu|date=January 2012}}</ref> to prevent [[eavesdropping]], [[man in the middle attack|tampering]], or [[message forgery]]. The DTLS protocol is based on the [[Stream (computing)|stream]]-oriented Transport Layer Security (TLS) protocol and is intended to provide similar security guarantees. However, unlike TLS, it can be used with most datagram-oriented protocols, including [[User Datagram Protocol]] (UDP), [[Datagram Congestion Control Protocol]] (DCCP), [[CAPWAP|Control And Provisioning of Wireless Access Points]] (CAPWAP), [[Stream Control Transmission Protocol]] (SCTP) encapsulation, and [[Secure Real-time Transport Protocol]] (SRTP). Because a DTLS datagram preserves the semantics of the underlying transport, the application does not suffer from the delays associated with stream protocols. However, the application has to deal with [[packet reordering]], datagram loss, and data larger than the size of a datagram [[network packet]].
Because DTLS uses UDP or SCTP rather than TCP, it avoids the [[TCP meltdown problem]]<ref>{{cite web | url=http://sites.inka.de/bigred/devel/tcp-tcp.html | title=Why TCP Over TCP Is A Bad Idea | first=Olaf | last=Titz | date=2001-04-23 | access-date=2015-10-17 | archive-date=2023-03-10 | archive-url=https://web.archive.org/web/20230310043036/http://sites.inka.de/bigred/devel/tcp-tcp.html | url-status=live }}</ref><ref>{{cite conference | bibcode=2005SPIE.6011..138H | title=Understanding TCP over TCP: effects of TCP tunneling on end-to-end throughput and latency |author1=Honda, Osamu |author2=Ohsaki, Hiroyuki |author3=Imase, Makoto |author4=Ishizuka, Mika |author5=Murayama, Junichi | s2cid=8945952 |book-title=Performance, Quality of Service, and Control of Next-Generation Communication and Sensor Networks III | volume=6011 | date=October 2005 | doi=10.1117/12.630496 | citeseerx=10.1.1.78.5815 | editor1-last=Atiquzzaman | editor1-first=Mohammed | editor2-last=Balandin | editor2-first=Sergey I }}</ref> when used to create a VPN tunnel. The original 2006 release of DTLS version 1.0 was not a standalone document; it was given as a series of deltas to TLS 1.1.<ref>{{IETF RFC|4347|link=no}} § 4</ref> Similarly, the follow-up 2012 release of DTLS is a delta to TLS 1.2. It was given the version number DTLS 1.2 to match its TLS version. Lastly, the 2022 DTLS 1.3 is a delta to TLS 1.3.
Like the two previous versions, DTLS 1.3 is intended to provide "equivalent security guarantees [to TLS 1.3] with the exception of order protection/non-replayability".<ref>{{cite IETF |rfc=9147 | title=The Datagram Transport Layer Security (DTLS) Protocol Version 1.3 | date=April 21, 2022 | last1=Rescorla | first1=Eric | last2=Tschofenig | first2=Hannes | last3=Modadugu | first3=Nagendra }}</ref> Many [[Virtual private network|VPN clients]], including [[Cisco]] [[AnyConnect]]<ref>{{cite web | url=http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/116312-qanda-anyconnect-00.html | title=AnyConnect FAQ: tunnels, reconnect behavior, and the inactivity timer | publisher=[[Cisco]] | access-date=26 February 2017 | archive-date=26 February 2017 | archive-url=https://web.archive.org/web/20170226131243/http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/116312-qanda-anyconnect-00.html | url-status=live }}</ref> and InterCloud Fabric,<ref>{{cite web | url=http://www.cisco.com/c/en/us/td/docs/solutions/Hybrid_Cloud/Intercloud/Intercloud_Fabric/Intercloud_Fabric_2.pdf | title=Cisco InterCloud Architectural Overview | publisher=[[Cisco Systems]] | access-date=2022-11-29 | archive-date=2022-08-09 | archive-url=https://web.archive.org/web/20220809111605/https://www.cisco.com/c/en/us/td/docs/solutions/Hybrid_Cloud/Intercloud/Intercloud_Fabric/Intercloud_Fabric_2.pdf | url-status=live }}</ref> [[OpenConnect]],<ref>{{cite web |title=OpenConnect |url=https://www.infradead.org/openconnect/ |access-date=26 February 2017 |publisher=[[OpenConnect]] |archive-date=2 February 2017 |archive-url=https://web.archive.org/web/20170202104439/http://www.infradead.org/openconnect/ |url-status=live }}</ref> [[Zscaler|ZScaler]] tunnel,<ref>{{cite web | url=https://help.zscaler.com/z-app/about-z-tunnel-1.0-z-tunnel-2.0 | title=ZScaler ZTNA 2.0 Tunnel | publisher=[[ZScaler]] | access-date=2022-11-29 | archive-date=2022-11-29 | archive-url=https://web.archive.org/web/20221129041020/https://help.zscaler.com/z-app/about-z-tunnel-1.0-z-tunnel-2.0 | url-status=live }}</ref> F5 Networks [[F5 Networks#BIG-IP product modules|Edge VPN Client]],<ref>{{cite web | url=https://f5.com/glossary/datagram-transport-layer-security-dtls | title=f5 Datagram Transport Layer Security (DTLS) | publisher=[[f5 Networks]] | access-date=2022-11-29 | archive-date=2022-11-29 | archive-url=https://web.archive.org/web/20221129041024/https://www.f5.com/glossary/datagram-transport-layer-security-dtls | url-status=live }}</ref> and Citrix Systems [[Citrix Systems#Networking and cloud|NetScaler]],<ref>{{cite web |title=Configuring a DTLS Virtual Server |url=http://docs.citrix.com/en-us/netscaler/11/traffic-management/ssl/config-ssloffloading/config-dtls-vserver.html |publisher=[[Citrix Systems]] |access-date=2022-11-29 |archive-date=2016-12-21 |archive-url=https://web.archive.org/web/20161221020000/http://docs.citrix.com/en-us/netscaler/11/traffic-management/ssl/config-ssloffloading/config-dtls-vserver.html |url-status=live }}</ref> use DTLS to secure UDP traffic. In addition, all modern web browsers support DTLS-SRTP<ref>{{cite web |url=https://sites.google.com/site/webrtc/interop |title=WebRTC Interop Notes |url-status=dead |archive-url=https://web.archive.org/web/20130511043959/https://sites.google.com/site/webrtc/interop |archive-date=2013-05-11 }}</ref> for [[WebRTC]].
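The two points above, that a DTLS receiver must cope with reordered and lost datagrams and that DTLS does not promise the non-replayability TLS gets for free from TCP, both come down to the explicit epoch and 48-bit sequence number that DTLS adds to every record header. The following is an added example, not part of the Wikipedia article and not taken from any DTLS implementation: it parses DTLS 1.2 record headers and runs the optional sliding-window replay check that RFC 6347 §4.1.2.6 adopts from IPsec. The sample records and their sequence numbers are constructed for the demonstration; the 64-slot window size and the per-epoch bookkeeping are the example's own choices.

```python
"""Added example (not from the Wikipedia article or any DTLS library):
DTLS 1.2 record-header parsing plus the optional sliding-window anti-replay
check described in RFC 6347 section 4.1.2.6. All sample records are constructed."""
import struct

# DTLS 1.2 record header: type(1) | version(2) | epoch(2) | seq(6) | length(2)
HEADER_LEN = 13
DTLS_1_2 = 0xFEFD  # {254, 253}: the one's complement of DTLS version {1, 2}
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}


def parse_record(buf: bytes) -> dict:
    """Split one DTLS record into its header fields and payload.

    Unlike TLS, every DTLS record carries an explicit epoch and a 48-bit
    sequence number so a receiver can process datagrams that arrive out of
    order or after losses without any stream state."""
    if len(buf) < HEADER_LEN:
        raise ValueError("truncated DTLS record header")
    ctype, version, epoch, seq_hi, seq_lo, length = struct.unpack(
        "!BHHHIH", buf[:HEADER_LEN])
    seq = (seq_hi << 32) | seq_lo
    payload = buf[HEADER_LEN:HEADER_LEN + length]
    if len(payload) != length:
        raise ValueError("record length field exceeds datagram")
    return {"type": CONTENT_TYPES.get(ctype, ctype), "version": version,
            "epoch": epoch, "seq": seq, "payload": payload}


def build_record(ctype: int, epoch: int, seq: int, payload: bytes) -> bytes:
    """Construct a DTLS 1.2 record; used here only to make sample input."""
    hdr = struct.pack("!BHHHIH", ctype, DTLS_1_2, epoch,
                      seq >> 32, seq & 0xFFFFFFFF, len(payload))
    return hdr + payload


class ReplayWindow:
    """Sliding-window replay detector keyed on (epoch, sequence number).

    Per epoch it keeps the highest sequence number accepted so far and a
    bitmap of which of the preceding `size` numbers were already accepted.
    Newer records slide the window forward; records older than the window
    or already marked in the bitmap are rejected. Each epoch has its own
    window because sequence numbers restart at zero after a key change.
    In a real receiver the window is updated only after the record's MAC
    verifies, so that forged records cannot advance or poison it."""

    def __init__(self, size: int = 64):
        self.size = size
        self.windows = {}  # epoch -> [highest_seq, bitmap]

    def check_and_update(self, epoch: int, seq: int) -> bool:
        if epoch not in self.windows:
            self.windows[epoch] = [seq, 1]  # bit 0 always marks `highest`
            return True
        state = self.windows[epoch]
        highest, bitmap = state
        if seq > highest:                   # newer than anything seen: slide
            shift = seq - highest
            bitmap = ((bitmap << shift) | 1) if shift < self.size else 1
            state[0], state[1] = seq, bitmap & ((1 << self.size) - 1)
            return True
        offset = highest - seq
        if offset >= self.size:
            return False                    # older than the window: treat as replay
        if bitmap & (1 << offset):
            return False                    # already accepted once
        state[1] = bitmap | (1 << offset)   # late but within window: accept
        return True


def process_datagrams(datagrams, window=None):
    """Parse each datagram and report whether its record passed the replay check."""
    if window is None:
        window = ReplayWindow()
    results = []
    for dg in datagrams:
        rec = parse_record(dg)
        ok = window.check_and_update(rec["epoch"], rec["seq"])
        results.append((rec["epoch"], rec["seq"], "accepted" if ok else "rejected"))
    return results


# Constructed sample traffic: epoch 1 records arriving out of order, one
# replayed, one far too old, then an epoch change restarting the sequence at 0.
SAMPLE = [
    build_record(23, 1, 0, b"a"),
    build_record(23, 1, 2, b"c"),    # seq 1 was delayed in transit
    build_record(23, 1, 1, b"b"),    # late but inside the window: accepted
    build_record(23, 1, 2, b"c"),    # duplicate of an accepted record: rejected
    build_record(23, 1, 100, b"z"),  # slides the window far ahead
    build_record(23, 1, 3, b"d"),    # 97 behind highest, outside a 64-slot window: rejected
    build_record(23, 2, 0, b"e"),    # new epoch, fresh window
]

if __name__ == "__main__":
    for row in process_datagrams(SAMPLE):
        print(row)
```

The window only decides whether a record is fresh; it says nothing about ordering, which is why the application layer still has to tolerate records being delivered in a different order than they were sent.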