Datagram Transport Layer Security (DTLS) is a
communications protocol providing
security to
datagram-based applications by allowing them to communicate in a way designed[1][2][3] to prevent
eavesdropping,
tampering, or
message forgery. The DTLS protocol is based on the
stream-oriented
Transport Layer Security (TLS) protocol and is intended to provide similar security guarantees. The DTLS protocol datagram preserves the semantics of the underlying transport—the application does not suffer from the delays associated with stream protocols, but because it uses
UDP or
SCTP, the application has to deal with
packet reordering, loss of datagram and data larger than the size of a datagram
network packet. Because DTLS uses UDP or SCTP rather than TCP, it avoids the "TCP meltdown problem",[4][5] when being used to create a VPN tunnel.
DTLS 1.0 is based on TLS 1.1, DTLS 1.2 is based on TLS 1.2, and DTLS 1.3 is based on TLS 1.3. There is no DTLS 1.1 because this version-number was skipped in order to harmonize version numbers with TLS.[2] Like previous DTLS versions, DTLS 1.3 is intended to provide "equivalent security guarantees [to TLS 1.3] with the exception of order protection/non-replayability".[7]
In February 2013 two researchers from Royal Holloway, University of London discovered a timing attack[38] which allowed them to recover (parts of the) plaintext from a DTLS connection using the OpenSSL or GnuTLS implementation of DTLS when
Cipher Block Chaining mode encryption was used.
^Titz, Olaf (2001-04-23).
"Why TCP Over TCP Is A Bad Idea". Archived from the original on 2023-03-10. Retrieved 2015-10-17.{{
cite web}}: CS1 maint: bot: original URL status unknown (
link)
^Honda, Osamu; Ohsaki, Hiroyuki; Imase, Makoto; Ishizuka, Mika; Murayama, Junichi (October 2005). "Understanding TCP over TCP: effects of TCP tunneling on end-to-end throughput and latency". In Atiquzzaman, Mohammed; Balandin, Sergey I (eds.). Performance, Quality of Service, and Control of Next-Generation Communication and Sensor Networks III. Vol. 6011.
Bibcode:
2005SPIE.6011..138H.
CiteSeerX10.1.1.78.5815.
doi:
10.1117/12.630496.
S2CID8945952.
^"Firefox 86.0, See All New Features, Updates and Fixes". Mozilla. 2021-02-23.
Archived from the original on 2021-02-22. Retrieved 2021-02-23. From Firefox 86 onward, DTLS 1.0 is no longer supported for establishing WebRTC's PeerConnections. All WebRTC services need to support DTLS 1.2 from now on as the minimum version.