Add DTLS (TLS over UDP) support

Question

Add DTLS (TLS over UDP) support

OrenShm opened this issue 4 years ago · comments

What OS?

Windows
Mac
Linux (Which distro?)

Description of issue

Currently the packet sender supports udp \ tcp \ ssl (TLS).
It would be great if it could also support DTLS (Datagram TLS == "TLS over UDP").

It could be checked again OpenSSL \ mbedTLS.

Opening DTLS server using mbedTLS:
./programs/ssl/ssl_server2 ca_file=<ca_cert> crt_file=<server_cert> key_file=<key_file> server_addr=<hostname_ip> server_port=<server_port> auth_mode=required dtls=1

Opening DTLS server using OpenSSL:
openssl s_server -accept <server_port> -auth -cert <server_cert> -key <server_key> -cert2 <server_cert> -key2 <server_key> -CAfile <ca_cert> -servername -Verify required -dtls1_2

An echo server of DTLS could be found here (It also requires openssl)-
https://github.com/nplab/DTLS-Examples

Dan Nagle · Answer 1 · Wed Dec 16 2020 23:49:32 GMT+0800 (China Standard Time)

Very interesting idea. A few years back when I looked at this, I determined DTLS was not that stable with hard-to-find examples. It seems worth another look now.

OrenShm · Answer 2 · Thu Dec 17 2020 23:29:03 GMT+0800 (China Standard Time)

Sounds great, thanks 👍

Dan Foxley · Answer 3 · Wed Mar 01 2023 02:05:16 GMT+0800 (China Standard Time)

For a WebRTC application, the large DTLS (larger than MTU size) packet gets fragmented and reassembled. We've run into scenarios where firewalls are blocking large UPD.