Datagram Transport Layer Security Explained

Datagram Transport Layer Security should not be confused with TDLS.

Datagram Transport Layer Security (DTLS) is a communications protocol providing security to datagram-based applications by allowing them to communicate in a way designed to prevent eavesdropping, tampering, or message forgery. The DTLS protocol is based on the stream-oriented Transport Layer Security (TLS) protocol and is intended to provide similar security guarantees. The DTLS protocol datagram preserves the semantics of the underlying transport—the application does not suffer from the delays associated with stream protocols, but because it uses User Datagram Protocol (UDP) or Stream Control Transmission Protocol (SCTP), the application has to deal with packet reordering, loss of datagram and data larger than the size of a datagram network packet. Because DTLS uses UDP or SCTP rather than TCP it avoids the TCP meltdown problem^{[1] [2]} when being used to create a VPN tunnel.

Definition

The following documents define DTLS:

• from May 2008 for use with Datagram Congestion Control Protocol (DCCP)
• from March 2009 for use with Control And Provisioning of Wireless Access Points (CAPWAP)
• from May 2010 for use with Secure Real-time Transport Protocol (SRTP) subsequently called DTLS-SRTP in a draft with Secure Real-Time Transport Control Protocol (SRTCP)^[3]
• from January 2011 for use with Stream Control Transmission Protocol (SCTP) encapsulation
• from April 2022 for use with User Datagram Protocol (UDP)

DTLS 1.0 is based on TLS 1.1, DTLS 1.2 is based on TLS 1.2, and DTLS 1.3 is based on TLS 1.3. There is no DTLS 1.1 because this version-number was skipped in order to harmonize version numbers with TLS. Like previous DTLS versions, DTLS 1.3 is intended to provide "equivalent security guarantees [to TLS 1.3] with the exception of order protection/non-replayability".^[4]

Implementations

Libraries

See main article: article.

Library support for DTLS

Implementation	DTLS 1.0	DTLS 1.2	DTLS 1.3
Botan
cryptlib
GnuTLS
Java Secure Socket Extension
LibreSSL		[5]
libsystools[6]
MatrixSSL
mbed TLS (previously PolarSSL)	[7]
Network Security Services	[8]	[9]
OpenSSL		[10]
PyDTLS[11] [12]
Python3-dtls[13] [14]
RSA BSAFE
s2n
Schannel XP/2003, Vista/2008
Schannel 7/2008R2, 8/2012, 8.1/2012R2, 10	[15]
Schannel 10 (1607), 2016		[16]
Secure Transport OS X 10.2–10.7 / iOS 1–4
Secure Transport OS X 10.8–10.10 / iOS 5–8	[17]
SharkSSL
tinydtls [18]
Waher.Security.DTLS [19]
wolfSSL (previously CyaSSL)[20]
@nodertc/dtls [21] [22]
java-dtls[23]
pion/dtls[24] (Go)
californium/scandium[25] (Java)
SNF4J[26] (Java)
Implementation	DTLS 1.0	DTLS 1.2	DTLS 1.3

Applications

• Cisco AnyConnect VPN Client uses TLS and invented DTLS-based VPN.^[27]
• OpenConnect is an open source AnyConnect-compatible client and ocserv server that supports (D)TLS.^[28]
• Cisco InterCloud Fabric uses DTLS to form a tunnel between private and public/provider compute environments.^[29]
• Cato Networks utilizes DTLS v1.2 for the underlay tunnel used by both the Cato Socket and Cato ZTNA (formerly SDP) client when forming tunnels to the Cato POPs ^[30] and when forming off-cloud tunnels between Cato sockets.^[31]
• ZScaler tunnel 2.0 uses DTLS for tunneling.^[32]
• F5 Networks Edge VPN Client uses TLS and DTLS.^[33]
• Fortinet's SSL VPN^[34] and Array Networks SSL VPN^[35] also use DTLS for VPN tunneling.
• Citrix Systems NetScaler uses DTLS to secure UDP.^[36]
• Web browsers: Google Chrome, Opera and Firefox support DTLS-SRTP^[37] for WebRTC. Firefox 86 and onward does not support DTLS 1.0.^[38]
• Remote Desktop Protocol 8.0 and onwards.

Vulnerabilities

In February 2013 two researchers from Royal Holloway, University of London discovered a timing attack^[39] which allowed them to recover (parts of the) plaintext from a DTLS connection using the OpenSSL or GnuTLS implementation of DTLS when Cipher Block Chaining mode encryption was used.

See also

• ZRTP
• Reliable User Datagram Protocol
• QUIC
• WireGuard

External links

• Web site: Transport Layer Security (tls) - Charter. IETF.
• Web site: The Design and Implementation of Datagram TLS. Nagendra. Modadugu. Eric. Rescorla. 2003-11-21. Stanford Crypto Group. 2013-03-17.
• Web site: Plaintext-Recovery Attacks Against Datagram TLS. Nadhem J.. AlFardan. Kenneth G.. Paterson. 2013-11-25.
• Web site: Datagram Transport Layer Security. Steve. Gibson. Leo. Laporte. 2012-11-28. Security Now 380. 2013-03-17. Skip to 1:07:14.
• Robin Seggelmann's Sample Code: echo, character generator, and discard client/servers.
• The Illustrated DTLS Connection

Notes and References

1. Web site: Why TCP Over TCP Is A Bad Idea. Olaf. Titz. 2001-04-23. 2015-10-17. 2023-03-10. https://web.archive.org/web/20230310043036/http://sites.inka.de/bigred/devel/tcp-tcp.html. bot: unknown.
2. 2005SPIE.6011..138H. Understanding TCP over TCP: effects of TCP tunneling on end-to-end throughput and latency. Honda, Osamu . Ohsaki, Hiroyuki . Imase, Makoto . Ishizuka, Mika . Murayama, Junichi . 8945952. Performance, Quality of Service, and Control of Next-Generation Communication and Sensor Networks III. 6011. October 2005. 10.1117/12.630496. 10.1.1.78.5815. Atiquzzaman. Mohammed. Balandin. Sergey I.
3. Web site: Suite B Profile for Datagram Transport Layer Security / Secure Real-time Transport Protocol (DTLS-SRTP). M.. Peck. K.. Igoe. 2012-09-25. IETF.
4. Web site: The Datagram Transport Layer Security (DTLS) Protocol Version 1.3 .
5. Web site: LibreSSL 3.3.2 Release Notes . The OpenBSD Project . 2021-05-01 . 2021-06-13.
6. Web site: libsystools: A TLS/DTLS open source library for Windows/Linux using OpenSSL. Julien Kauffmann. SourceForge.
7. Web site: mbed TLS 2.0.0 released . ARM . 2015-07-13 . 2015-08-25.
8. Web site: NSS 3.14 release notes. Mozilla Developer Network. Mozilla. 2012-10-27. 2013-01-17. https://web.archive.org/web/20130117130029/https://developer.mozilla.org/en-US/docs/NSS/NSS_3.14_release_notes. dead.
9. Web site: NSS 3.16.2 release notes. 2014-06-30. Mozilla Developer Network. Mozilla. 2014-06-30. 2021-12-07. https://web.archive.org/web/20211207015257/https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.2_release_notes. dead.
10. Web site: As of version 1.0.2. 2015-01-22. The OpenSSL Project. The OpenSSL Project. 2015-01-26. 2014-09-04. https://web.archive.org/web/20140904045720/http://www.openssl.org/news/openssl-1.0.2-notes.html. dead.
11. Web site: pydtls - Datagram Transport Layer Security for Python . Ray Brown . GitHub.
12. Web site: DTLS for Python . Ray Brown . Python Software Foundation.
13. Web site: pydtls - Datagram Transport Layer Security for Python . Ray Brown/Mobius Software LTD . GitHub.
14. Web site: DTLS for Python3 Based on PyDTLS . Ray Brown/Mobius Software LTD . Python Software Foundation.
15. Web site: An update is available that adds support for DTLS in Windows 7 SP1 and Windows Server 2008 R2 SP1. Microsoft. 13 November 2012.
16. Web site: TLS (Schannel SSP) changes in Windows 10 and Windows Server 2016. Justinha. docs.microsoft.com. en-us. 2017-09-01.
17. Web site: Technical Note TN2287: iOS 5 and TLS 1.2 Interoperability Issues. iOS Developer Library. Apple Inc.. 2012-05-03.
18. Web site: tinydtls . Olaf Bergmann . Eclipse Foundation.
19. Web site: Waher.Security.DTLS . Peter Waher . Waher Data AB.
20. Web site: wolfSSL Embedded SSL/TLS Library.
21. Web site: Secure UDP communications using DTLS in pure js . Dmitriy Tsvettsikh . GitHub.
22. Web site: DTLS in pure js . Dmitriy Tsvettsikh . npm.
23. Web site: Non blocking Java DTLS Implementation based on BouncyCastle and Netty . Mobius Software LTD . Mobius Software LTD.
24. Web site: pion/dtls: DTLS 1.2 Server/Client implementation for Go . Sean DuBois . GitHub.
25. Web site: californium/scandium: DTLS 1.2 Server/Client implementation for java and coap. Includes connection id extension. . Eclipse Foundation.
26. Web site: Simple Network Framework for Java (SNF4J). . SNF4J.ORG . GitHub.
27. Web site: AnyConnect FAQ: tunnels, reconnect behavior, and the inactivity timer. . 26 February 2017.
28. Web site: OpenConnect. . 26 February 2017.
29. Web site: Cisco InterCloud Architectural Overview. Cisco Systems.
30. Web site: Cato Networks Cipher Suites Used by the Cato Socket and SDP Client . live.
31. Web site: Cato Networks Routing Traffic to an Off-Cloud Link . live.
32. Web site: ZScaler ZTNA 2.0 Tunnel. ZScaler.
33. Web site: f5 Datagram Transport Layer Security (DTLS). f5 Networks.
34. Web site: Using DTLS to improve SSL VPN performance. 25 February 2016. Fortinet.
35. Web site: array.c from OpenConnect. 23 May 2022.
36. Web site: Configuring a DTLS Virtual Server. Citrix Systems.
37. Web site: WebRTC Interop Notes . dead . https://web.archive.org/web/20130511043959/https://sites.google.com/site/webrtc/interop . 2013-05-11.
38. Web site: 2021-02-23. Firefox 86.0, See All New Features, Updates and Fixes. live. 2021-02-23. Mozilla. en. From Firefox 86 onward, DTLS 1.0 is no longer supported for establishing WebRTC's PeerConnections. All WebRTC services need to support DTLS 1.2 from now on as the minimum version.. https://web.archive.org/web/20210222150939/https://www.mozilla.org/en-US/firefox/86.0/releasenotes/ . 2021-02-22 .
39. Web site: Plaintext-Recovery Attacks Against Datagram TLS.