Communications protocol; lets datagram-based applications communicate in a way designed to prevent eavesdropping, tampering, or message forgery
Datagram Transport Layer Security (DTLS) is a communications protocol providing security to datagram-based applications by allowing them to communicate in a way designed to prevent eavesdropping, tampering, or message forgery. The DTLS protocol is based on the stream-oriented Transport Layer Security (TLS) protocol and is intended to provide similar security guarantees. The DTLS protocol datagram preserves the semantics of the underlying transport—the application does not suffer from the delays associated with stream protocols, but because it uses UDP or SCTP, the application has to deal with packet reordering, loss of datagram and data larger than the size of a datagram network packet. Because DTLS uses UDP or SCTP rather than TCP, it avoids the "TCP meltdown problem", when being used to create a VPN tunnel.
DTLS 1.0 is based on TLS 1.1, and DTLS 1.2 is based on TLS 1.2. There is no DTLS 1.1 because this version-number was skipped in order to harmonize version numbers with TLS. The DTLS 1.3 specification is being worked on and, like previous DTLS versions, is intended to provide "equivalent security guarantees [to TLS 1.3] with the exception of order protection/non-replayability".
In February 2013 two researchers from Royal Holloway, University of London discovered a timing attack which allowed them to recover (parts of the) plaintext from a DTLS connection using the OpenSSL or GnuTLS implementation of DTLS when Cipher Block Chaining mode encryption was used.
^Honda, Osamu; Ohsaki, Hiroyuki; Imase, Makoto; Ishizuka, Mika; Murayama, Junichi (October 2005). "Understanding TCP over TCP: effects of TCP tunneling on end-to-end throughput and latency". In Atiquzzaman, Mohammed; Balandin, Sergey I (eds.). Performance, Quality of Service, and Control of Next-Generation Communication and Sensor Networks III. 6011. Bibcode:2005SPIE.6011..138H. CiteSeerX10.1.1.78.5815. doi:10.1117/12.630496. S2CID8945952.
^"Firefox 86.0, See All New Features, Updates and Fixes". Mozilla. 2021-02-23. Retrieved 2021-02-23. From Firefox 86 onward, DTLS 1.0 is no longer supported for establishing WebRTC's PeerConnections. All WebRTC services need to support DTLS 1.2 from now on as the minimum version.