Secure communication over the unreliable UDP transport with DTLS

Secret Delivery

© Lead Image © Daniel Villeneuve,

© Lead Image © Daniel Villeneuve,

Article from Issue 247/2021

TLS encryption is wonderful if it is running over a reliable transport protocol like TCP; but if your needs call for the less reliable UDP transport, you'd better start learning about DTLS.

TCP/IP is at the heart of the Internet, and the Transport layer is at the heart of TCP/IP. The Transport layer is responsible for end-to-end connections between the sender and receiver over a TCP/IP network. The two most common Transport layer protocols are Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). Nearly all Internet traffic uses either TCP or UDP.

TCP is connection-oriented, which means that a connection between the client and server is established before data can be sent. The TCP protocol provides reliable ordering and error-checked delivery. UDP is a connectionless protocol, which means it provides only minimal information and has no handshaking procedure. UDP does not offer a guarantee of ordering or delivery. Of course, the brevity of UDP makes it much faster than the steady and careful TCP, so applications that don't require a high level of reliability tend to use UDP.

TCP and UDP were created in more innocent days of an Internet, when networks did not face the security challenges we deal with today. The Transport Layer Security (TLS) protocol (and its predecessor SSL) were developed to provide encryption for communication security at the Transport layer. TLS offers privacy and data integrity between two communicating network nodes; however, it requires a reliable transport protocol, which means it won't work with the simple and unreliable UDP. TLS assumes that the packets arrive in the correct order, which TCP ensures but UDP does not.


Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Vulnerabilities in OpenSSL

    Three security issues have been identified in the Open Source implementation of the SSL/TLS protocol, OpenSSL. The vulnerabilities allow targeted attacks.

  • Server Name Indication

    Server Name Indication lets you operate more than one SSL-protected service per IP address.

  • Two GnuTLS Bugfix Releases

    The GnuTLS project has published two bugfix releases to close several vulnerabilities and resolve an error capable of interrupting connections.

  • TCP Fast Open

    With TCP Fast Open, Google introduces a protocol extension, implemented in the Linux kernel, that avoids unnecessary latency in network traffic and promises up to 41 percent acceleration, depending on the application.

  • Security Lessons: Cryptographic Agility

    When dangerous security flaws are discovered, being able to switch to alternative software can be crucial.

comments powered by Disqus

Direct Download

Read full article as PDF:

Price $2.95