Secure communication over the unreliable UDP transport with DTLS

The End

DTLS brings encryption capabilities similar to TLS to the connectionless UDP protocol. Both the OpenSSL and GnuTLS libraries provide a high level of security for DTLS connections. It is not a problem to perform the cookie exchange procedure during the DTLS handshake, but it is difficult to refuse this high level of protection. You can't use the only option to turn off the cookie exchange when configuring the DTLS object. You also can't use any stubs or NULL-pointer arguments.

GnuTLS makes you write a part of the server-side handshake procedure manually, which is not a user-friendly approach. OpenSSL already has all the necessary pieces in place, but the current implementation of the library is rather strange. In the future, greater adoption of DTLS will depend upon developers having access to simple and reliable libraries and frameworks with predictable behavior.

The Author

Andrei Kuzmenko is a professional software engineer and researcher. He is particularly interested in network technologies and Bash scripting. In the last 15 years, he has been working on Linux and its applications. C++ is his old passion.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Server Name Indication

    Server Name Indication lets you operate more than one SSL-protected service per IP address.

  • Two GnuTLS Bugfix Releases

    The GnuTLS project has published two bugfix releases to close several vulnerabilities and resolve an error capable of interrupting connections.

  • Vulnerabilities in OpenSSL

    Three security issues have been identified in the Open Source implementation of the SSL/TLS protocol, OpenSSL. The vulnerabilities allow targeted attacks.

  • TCP Fast Open

    With TCP Fast Open, Google introduces a protocol extension, implemented in the Linux kernel, that avoids unnecessary latency in network traffic and promises up to 41 percent acceleration, depending on the application.

  • Security Lessons: Cryptographic Agility

    When dangerous security flaws are discovered, being able to switch to alternative software can be crucial.

comments powered by Disqus