Secure communication over the unreliable UDP transport with DTLS
The End
DTLS brings encryption capabilities similar to TLS to the connectionless UDP protocol. Both the OpenSSL and GnuTLS libraries provide a high level of security for DTLS connections. It is not a problem to perform the cookie exchange procedure during the DTLS handshake, but it is difficult to refuse this high level of protection. You can't use the only option to turn off the cookie exchange when configuring the DTLS object. You also can't use any stubs or NULL-pointer arguments.
GnuTLS makes you write a part of the server-side handshake procedure manually, which is not a user-friendly approach. OpenSSL already has all the necessary pieces in place, but the current implementation of the library is rather strange. In the future, greater adoption of DTLS will depend upon developers having access to simple and reliable libraries and frameworks with predictable behavior.
Infos
- DTLS: https://en.wikipedia.org/wiki/Datagram_Transport_Layer_Security
- RFC 6347: https://tools.ietf.org/html/rfc6347
- OpenSSL: https://www.openssl.org/
- GnuTLS: https://www.gnutls.org/
- GnuTLS documentation: https://www.gnutls.org/documentation.html
- Code for this article: ftp://ftp.linux-magazine.com/pub/listings/linux-magazine.com/247/
« Previous 1 2
Buy this article as PDF
(incl. VAT)