Datagram Transport Layer Security#Definition

{{distinguish|TDLS}}

{{Short description|Communications protocol}}

Datagram Transport Layer Security (DTLS) is a communications protocol providing security to datagram-based applications by allowing them to communicate in a way designed{{Ref RFC|4347}}{{Ref RFC|6347}}{{Ref RFC|9147}} to prevent eavesdropping, tampering, or message forgery. The DTLS protocol is based on the stream-oriented Transport Layer Security (TLS) protocol and is intended to provide similar security guarantees. The DTLS protocol datagram preserves the semantics of the underlying transport—the application does not suffer from the delays associated with stream protocols, but because it uses User Datagram Protocol (UDP) or Stream Control Transmission Protocol (SCTP), the application has to deal with packet reordering, loss of datagram and data larger than the size of a datagram network packet. Because DTLS uses UDP or SCTP rather than TCP it avoids the TCP meltdown problem{{cite web

| url=http://sites.inka.de/bigred/devel/tcp-tcp.html

| title=Why TCP Over TCP Is A Bad Idea

| first=Olaf

| last=Titz

| date=2001-04-23

| access-date=2015-10-17

| archive-date=2023-03-10

| archive-url=https://web.archive.org/web/20230310043036/http://sites.inka.de/bigred/devel/tcp-tcp.html

| url-status=bot: unknown

}}{{cite conference

| bibcode=2005SPIE.6011..138H

| title=Understanding TCP over TCP: effects of TCP tunneling on end-to-end throughput and latency

|author1=Honda, Osamu |author2=Ohsaki, Hiroyuki |author3=Imase, Makoto |author4=Ishizuka, Mika |author5=Murayama, Junichi | s2cid=8945952

|book-title=Performance, Quality of Service, and Control of Next-Generation Communication and Sensor Networks III

| volume=6011

| date=October 2005

| doi=10.1117/12.630496

| citeseerx=10.1.1.78.5815

| editor1-last=Atiquzzaman

| editor1-first=Mohammed

| editor2-last=Balandin

| editor2-first=Sergey I

}} when being used to create a VPN tunnel.

Definition

The following documents define DTLS:

| url=https://tools.ietf.org/html/draft-peck-suiteb-dtls-srtp-02

| title=Suite B Profile for Datagram Transport Layer Security / Secure Real-time Transport Protocol (DTLS-SRTP)

| first1=M.

| last1=Peck

| first2=K.

| last2=Igoe

| date=2012-09-25

| publisher=IETF}}

DTLS 1.0 is based on TLS 1.1, DTLS 1.2 is based on TLS 1.2, and DTLS 1.3 is based on TLS 1.3. There is no DTLS 1.1 because this version-number was skipped in order to harmonize version numbers with TLS.{{Ref RFC|6347}} Like previous DTLS versions, DTLS 1.3 is intended to provide "equivalent security guarantees [to TLS 1.3] with the exception of order protection/non-replayability".{{cite web | url=https://datatracker.ietf.org/doc/draft-ietf-tls-dtls13/ | title=The Datagram Transport Layer Security (DTLS) Protocol Version 1.3 }}

Implementations

=Libraries=

{{Main article|Comparison of TLS implementations#Protocol support}}

{{More citations needed|section|date=September 2023|talk=Library support}}

class="wikitable sortable" style="text-align: left;"

|+ Library support for DTLS

Implementation

! DTLS 1.0{{Ref RFC|4347}}

! DTLS 1.2{{Ref RFC|6347}}

! DTLS 1.3{{Ref RFC|9147}}

Botan

| {{yes}}

| {{yes}}

|

cryptlib

| {{no}}

| {{no}}

|

GnuTLS

| {{yes}}

| {{yes}}

|

Java Secure Socket Extension

| {{yes}}

| {{yes}}

|

LibreSSL

| {{yes}}

| {{yes}}{{cite web | title = LibreSSL 3.3.2 Release Notes | url = https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.3.2-relnotes.txt | publisher = The OpenBSD Project | date = 2021-05-01 | access-date = 2021-06-13}}

|

libsystools{{cite web

| url=http://sourceforge.net/projects/libsystools/

| title=libsystools: A TLS/DTLS open source library for Windows/Linux using OpenSSL

| author=Julien Kauffmann

| publisher=SourceForge}}

{{Yes}}{{No}}

|

MatrixSSL

| {{yes}}

| {{yes}}

|

mbed TLS (previously PolarSSL)

| {{yes}}{{cite web | title = mbed TLS 2.0.0 released | url = https://tls.mbed.org/tech-updates/releases/mbedtls-2.0.0-released | publisher = ARM | date = 2015-07-13 | access-date = 2015-08-25}}

| {{yes}}

|

Network Security Services

| {{yes}}{{cite web|url=https://developer.mozilla.org/en-US/docs/NSS/NSS_3.14_release_notes|work=Mozilla Developer Network|title=NSS 3.14 release notes|publisher=Mozilla|access-date=2012-10-27|archive-date=2013-01-17|archive-url=https://web.archive.org/web/20130117130029/https://developer.mozilla.org/en-US/docs/NSS/NSS_3.14_release_notes|url-status=dead}}

| {{yes}}{{cite web| url=https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.2_release_notes| title=NSS 3.16.2 release notes| date=2014-06-30| work=Mozilla Developer Network| publisher=Mozilla| access-date=2014-06-30| archive-date=2021-12-07| archive-url=https://web.archive.org/web/20211207015257/https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.2_release_notes| url-status=dead}}

|

OpenSSL

| {{yes}}

| {{yes}}{{cite web|url=https://www.openssl.org/news/openssl-1.0.2-notes.html|title=As of version 1.0.2|date=2015-01-22|work=The OpenSSL Project|access-date=2015-01-26|archive-date=2014-09-04|archive-url=https://web.archive.org/web/20140904045720/http://www.openssl.org/news/openssl-1.0.2-notes.html|url-status=dead}}

|

PyDTLS{{cite web

| url=https://github.com/rbit/pydtls

| title=pydtls - Datagram Transport Layer Security for Python

| author=Ray Brown

| publisher=GitHub}}{{cite web

| url=https://pypi.python.org/pypi/Dtls

| title=DTLS for Python

| author=Ray Brown

| publisher=Python Software Foundation}}

{{Yes}}{{Yes}}

|

Python3-dtls{{cite web

| url=https://github.com/mobius-software-ltd/pyton3-dtls

| title=pydtls - Datagram Transport Layer Security for Python

| author=Ray Brown/Mobius Software LTD

| publisher=GitHub}}{{cite web

| url=https://pypi.python.org/pypi/python3-dtls

| title=DTLS for Python3 Based on PyDTLS

| author=Ray Brown/Mobius Software LTD

| publisher=Python Software Foundation}}

{{Yes}}{{Yes}}

|

RSA BSAFE

| {{no}}

| {{no}}

|

s2n

| {{no}}

| {{no}}

|

Schannel XP/2003, Vista/2008

| {{no}}

| {{no}}

|

Schannel 7/2008R2, 8/2012, 8.1/2012R2, 10

| {{yes}}{{cite web|title=An update is available that adds support for DTLS in Windows 7 SP1 and Windows Server 2008 R2 SP1|url=http://support.microsoft.com/kb/2574819/en-us|publisher=Microsoft|access-date=13 November 2012}}

| {{no}}

|

Schannel 10 (1607), 2016

|{{yes}}

|{{yes}}{{Cite web|url=https://docs.microsoft.com/en-us/windows-server/security/tls/tls-schannel-ssp-changes-in-windows-10-and-windows-server#dtls-12|title=TLS (Schannel SSP) changes in Windows 10 and Windows Server 2016|last=Justinha|website=docs.microsoft.com|language=en-us|access-date=2017-09-01}}

|

Secure Transport OS X 10.2–10.7 / iOS 1–4

| {{no}}

| {{no}}

|

Secure Transport OS X 10.8–10.10 / iOS 5–8

| {{yes}}{{cite web|url=https://developer.apple.com/library/ios/technotes/tn2287/|work=iOS Developer Library|title=Technical Note TN2287: iOS 5 and TLS 1.2 Interoperability Issues|publisher=Apple Inc.|access-date=2012-05-03}}

| {{no}}

|

SharkSSL

| {{no}}

| {{no}}

|

tinydtls {{cite web | url=https://projects.eclipse.org/projects/iot.tinydtls | title=tinydtls | author = Olaf Bergmann | publisher=Eclipse Foundation}}

| {{no}}

| {{yes}}

|

Waher.Security.DTLS {{cite web | url=https://www.nuget.org/packages/Waher.Security.DTLS/ | title=Waher.Security.DTLS | author = Peter Waher | publisher=Waher Data AB}}

| {{no}}

| {{yes}}

|

wolfSSL (previously CyaSSL){{cite web|url=https://www.wolfssl.com/products/wolfssl/|title=wolfSSL Embedded SSL/TLS Library}}

| {{yes}}

| {{yes}}

| {{yes}}

@nodertc/dtls {{cite web | url=https://github.com/nodertc/dtls | title=Secure UDP communications using DTLS in pure js | author = Dmitriy Tsvettsikh | publisher=GitHub}}{{cite web | url=https://www.npmjs.com/package/@nodertc/dtls | title=DTLS in pure js | author = Dmitriy Tsvettsikh | publisher=npm}}

| {{no}}

| {{yes}}

|

java-dtls{{cite web | url=https://github.com/mobius-software-ltd/java-dtls | title=Non blocking Java DTLS Implementation based on BouncyCastle and Netty | author = Mobius Software LTD | publisher=Mobius Software LTD}}

| {{yes}}

| {{yes}}

|

pion/dtls{{cite web

| url=https://github.com/pion/dtls

| title=pion/dtls: DTLS 1.2 Server/Client implementation for Go

| author=Sean DuBois

| publisher=GitHub}} (Go)

{{no}}{{Yes}}

|

californium/scandium{{cite web

| url=https://github.com/eclipse/californium

| title=californium/scandium: DTLS 1.2 Server/Client implementation for java and coap. Includes connection id extension.

| publisher=Eclipse Foundation}} (Java)

{{no}}{{Yes}}

|

SNF4J{{cite web

| url=https://github.com/snf4j/snf4j

| title=Simple Network Framework for Java (SNF4J).

| author=SNF4J.ORG

| publisher=GitHub}} (Java)

{{Yes}}{{Yes}}

|

class="sortbottom"

! Implementation

! DTLS 1.0

! DTLS 1.2

! DTLS 1.3

=Applications=

  • Cisco AnyConnect VPN Client uses TLS and invented DTLS-based VPN.{{cite web

| url=http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/116312-qanda-anyconnect-00.html

| title=AnyConnect FAQ: tunnels, reconnect behavior, and the inactivity timer

| publisher=Cisco |access-date=26 February 2017}}

  • OpenConnect is an open source AnyConnect-compatible client and ocserv server that supports (D)TLS.{{cite web

| url=https://www.infradead.org/openconnect/

| title=OpenConnect

| publisher=OpenConnect |access-date=26 February 2017}}

  • Cisco InterCloud Fabric uses DTLS to form a tunnel between private and public/provider compute environments.{{cite web

| url=http://www.cisco.com/c/en/us/td/docs/solutions/Hybrid_Cloud/Intercloud/Intercloud_Fabric/Intercloud_Fabric_2.pdf

| title=Cisco InterCloud Architectural Overview

| publisher=Cisco Systems}}

  • Cato Networks utilizes DTLS v1.2 for the underlay tunnel used by both the Cato Socket and Cato ZTNA (formerly SDP) client when forming tunnels to the Cato POPs {{Cite web |title=Cato Networks Cipher Suites Used by the Cato Socket and SDP Client |url=https://support.catonetworks.com/hc/en-us/articles/115005910469-Cipher-Suites-Used-by-the-Cato-Socket-and-SDP-Client }} and when forming off-cloud tunnels between Cato sockets.{{Cite web |title=Cato Networks Routing Traffic to an Off-Cloud Link |url=https://support.catonetworks.com/hc/en-us/articles/4413265642257-Routing-Traffic-to-an-Off-Cloud-Link }}
  • ZScaler tunnel 2.0 for ZScaler Internet Access (ZIA) uses DTLS for tunneling. ZScaler Private Access (ZPA) does not support DTLS {{cite web

| url=https://help.zscaler.com/z-app/about-z-tunnel-1.0-z-tunnel-2.0

| title=ZScaler ZTNA 2.0 Tunnel

| publisher=ZScaler}}

| url=https://f5.com/glossary/datagram-transport-layer-security-dtls

| title=f5 Datagram Transport Layer Security (DTLS)

| publisher=f5 Networks}}

  • Fortinet's SSL VPN{{cite web

| url=https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-DTLS-to-improve-SSL-VPN-performance/ta-p/193881

| title=Using DTLS to improve SSL VPN performance

| date=25 February 2016

| publisher=Fortinet}} and Array Networks SSL VPN{{cite web

| url=https://gitlab.com/openconnect/openconnect/-/blob/653ad5585af44a2b8fa7d5946645ccb0e3f6ab60/array.c#L740-749

| title=array.c from OpenConnect

| date=23 May 2022}} also use DTLS for VPN tunneling.

  • Citrix Systems NetScaler uses DTLS to secure UDP.{{cite web

| url=http://docs.citrix.com/en-us/netscaler/11/traffic-management/ssl/config-ssloffloading/config-dtls-vserver.html

| title=Configuring a DTLS Virtual Server

| publisher=Citrix Systems}}

|url=https://sites.google.com/site/webrtc/interop

|title=WebRTC Interop Notes

|url-status=dead

|archive-url=https://web.archive.org/web/20130511043959/https://sites.google.com/site/webrtc/interop

|archive-date=2013-05-11

}} for WebRTC. Firefox 86 and onward does not support DTLS 1.0.{{Cite web|date=2021-02-23|title=Firefox 86.0, See All New Features, Updates and Fixes|url=https://www.mozilla.org/en-US/firefox/86.0/releasenotes/|url-status=live|access-date=2021-02-23|website=Mozilla|language=en|quote=From Firefox 86 onward, DTLS 1.0 is no longer supported for establishing WebRTC's PeerConnections. All WebRTC services need to support DTLS 1.2 from now on as the minimum version.|archive-url=https://web.archive.org/web/20210222150939/https://www.mozilla.org/en-US/firefox/86.0/releasenotes/ |archive-date=2021-02-22 }}

Vulnerabilities

In February 2013 two researchers from Royal Holloway, University of London discovered a timing attack{{Cite web|url=http://www.isg.rhul.ac.uk/~kp/dtls.pdf|title=Plaintext-Recovery Attacks Against Datagram TLS}} which allowed them to recover (parts of the) plaintext from a DTLS connection using the OpenSSL or GnuTLS implementation of DTLS when Cipher Block Chaining mode encryption was used.

See also

References

{{Reflist}}