資料包傳輸層安全
資料包傳輸層安全(英語:Datagram Transport Layer Security,縮寫為 DTLS),又譯數據包傳輸層安全,是一種通訊協定,它向基于数据报的应用提供傳送安全性,使应用能以一种防止窃听、篡改、伪造的方式[1][2]通信。DTLS协议基于面向字串流的TLS协议,意在提供類似的安全保護。DTLS常用於串流媒體。由于DTLS采用UDP或SCTP而不是TCP,它能在用于创建VPN通道时避免“TCP熔断问题”。[3][4]
定義
下列文档定义DTLS:
- RFC 6347,在使用者資料包協定(UDP)上使用
- RFC 5238,在數據擁塞控制協議(DCCP)上使用
- RFC 6083,在流控制传输协议(SCTP)上使用
- RFC 5764,在安全实时传输协议(SRTP)上使用,也被稱為DTLS-SRTP[5]
DTLS 1.0的底層為TLS 1.1,DTLS 1.2的底層為TLS 1.2,DTLS 1.3的底層為TLS 1.3。DTLS 1.1并不存在,为了与TLS版本编号相协调,这个版本编号略过了。[2]就像前期的DTLS版本一样,DTLS 1.3意在提供“[与TLS 1.3]等价的安全性保证,除顺序保护/不可重放性”。[6]
实现
函数库
| 实现 | DTLS 1.0[1] | DTLS 1.2[2] |
|---|---|---|
| Botan | 是 | 是 |
| cryptlib | 否 | 否 |
| GnuTLS | 是 | 是 |
| Java安全套接字扩展 | 是 | 是 |
| LibreSSL | 是 | 是[7] |
| libsystools[8] | 是 | 否 |
| MatrixSSL | 是 | 是 |
| mbed TLS(旧称 PolarSSL) | 是[9] | 是[9] |
| 网络安全服务 | 是[10] | 是[11] |
| OpenSSL | 是 | 是[12] |
| PyDTLS[13][14] | 是 | 是 |
| Python3-dtls[15][16] | 是 | 是 |
| RSA BSAFE | 否 | 否 |
| s2n | 否 | 否 |
| Schannel XP/2003, Vista/2008 | 否 | 否 |
| Schannel 7/2008R2, 8/2012, 8.1/2012R2, 10 | 是[17] | 否[17] |
| Schannel 10 (1607), 2016 | 是 | 是[18] |
| Secure Transport OS X 10.2–10.7 / iOS 1–4 | 否 | 否 |
| Secure Transport OS X 10.8–10.10 / iOS 5–8 | 是[19] | 否 |
| SharkSSL | 否 | 否 |
| tinydtls [20] | 否 | 是 |
| Waher.Security.DTLS [21] | 否 | 是 |
| wolfSSL(旧称 CyaSSL) | 是 | 是 |
| @nodertc/dtls [22][23] | 否 | 是 |
| java-dtls[24] | 是 | 是 |
| pion/dtls[25] (Go) | 否 | 是 |
| californium/scandium[26] (Java) | 否 | 是 |
| SNF4J[27] (Java) | 是 | 是 |
| 实现 | DTLS 1.0 | DTLS 1.2 |
参考资料
- ^ 1.0 1.1 Rescorla, Eric; Modadugu, Nagendra. Datagram Transport Layer Security. April 2006. RFC 4347.
- ^ 2.0 2.1 2.2 Rescorla, Eric; Modadugu, Nagendra. Datagram Transport Layer Security Version 1.2. January 2012. RFC 6347.
- ^ Titz, Olaf. Why TCP Over TCP Is A Bad Idea. 2001-04-23 [2015-10-17]. (原始内容存档于2015-09-01).
- ^ Honda, Osamu; Ohsaki, Hiroyuki; Imase, Makoto; Ishizuka, Mika; Murayama, Junichi. Understanding TCP over TCP: effects of TCP tunneling on end-to-end throughput and latency. Atiquzzaman, Mohammed; Balandin, Sergey I (编). Performance, Quality of Service, and Control of Next-Generation Communication and Sensor Networks III 6011. October 2005. Bibcode:2005SPIE.6011..138H. CiteSeerX 10.1.1.78.5815
. S2CID 8945952. doi:10.1117/12.630496.
- ^ Peck, M.; Igoe, K. Suite B Profile for Datagram Transport Layer Security / Secure Real-time Transport Protocol (DTLS-SRTP). IETF. 2012-09-25 [2022-09-08]. (原始内容存档于2021-02-25).
- ^ The Datagram Transport Layer Security (DTLS) Protocol Version 1.3. [2022-09-08]. (原始内容存档于2022-04-01).
- ^ LibreSSL 3.3.2 Release Notes. The OpenBSD Project. 2021-05-01 [2021-06-13]. (原始内容存档于2022-12-05).
- ^ Julien Kauffmann. libsystools: A TLS/DTLS open source library for Windows/Linux using OpenSSL. SourceForge. [2022-09-08]. (原始内容存档于2022-09-09).
- ^ 9.0 9.1 mbed TLS 2.0.0 released. ARM. 2015-07-13 [2015-08-25]. (原始内容存档于2015-09-25).
- ^ NSS 3.14 release notes. Mozilla Developer Network. Mozilla. [2012-10-27]. (原始内容存档于2013-01-17).
- ^ NSS 3.16.2 release notes. Mozilla Developer Network. Mozilla. 2014-06-30 [2014-06-30]. (原始内容存档于2021-12-07).
- ^ As of version 1.0.2. The OpenSSL Project. The OpenSSL Project. 2015-01-22 [2015-01-26]. (原始内容存档于2014-09-04).
- ^ Ray Brown. pydtls - Datagram Transport Layer Security for Python. GitHub. [2022-09-08]. (原始内容存档于2018-06-11).
- ^ Ray Brown. DTLS for Python. Python Software Foundation. [2022-09-08]. (原始内容存档于2016-03-03).
- ^ Ray Brown/Mobius Software LTD. pydtls - Datagram Transport Layer Security for Python. GitHub. [2022-09-08]. (原始内容存档于2022-09-08).
- ^ Ray Brown/Mobius Software LTD. DTLS for Python3 Based on PyDTLS. Python Software Foundation.
- ^ 17.0 17.1 An update is available that adds support for DTLS in Windows 7 SP1 and Windows Server 2008 R2 SP1. Microsoft. [13 November 2012]. (原始内容存档于2014-02-03).
- ^ Justinha. TLS (Schannel SSP) changes in Windows 10 and Windows Server 2016. docs.microsoft.com. [2017-09-01]. (原始内容存档于2018-02-28) (美国英语).
- ^ Technical Note TN2287: iOS 5 and TLS 1.2 Interoperability Issues. iOS Developer Library. Apple Inc. [2012-05-03]. (原始内容存档于2015-04-03).
- ^ Olaf Bergmann. tinydtls. Eclipse基金会. [2022-09-08]. (原始内容存档于2022-09-01).
- ^ Peter Waher. Waher.Security.DTLS. Waher Data AB. [2022-09-08]. (原始内容存档于2022-09-08).
- ^ Dmitriy Tsvettsikh. Secure UDP communications using DTLS in pure js. GitHub. [2022-09-08]. (原始内容存档于2019-03-23).
- ^ Dmitriy Tsvettsikh. DTLS in pure js. npm. [2022-09-08]. (原始内容存档于2019-08-14).
- ^ Mobius Software LTD. Non blocking Java DTLS 实现 based on BouncyCastle and Netty. Mobius Software LTD. [2022-09-08]. (原始内容存档于2019-03-23).
- ^ Sean DuBois. pion/dtls: DTLS 1.2 Server/Client 实现 for Go. GitHub. [2022-09-08]. (原始内容存档于2019-12-26).
- ^ californium/scandium: DTLS 1.2 Server/Client 实现 for java and coap. Includes connection id extension.. Eclipse基金会. [2022-09-08]. (原始内容存档于2020-07-17).
- ^ SNF4J.ORG. Simple Network Framework for Java (SNF4J).. GitHub. [2022-09-08]. (原始内容存档于2022-09-09).
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.
Cover photo is available under {{::mainImage.info.license.name || 'Unknown'}} license.
Cover photo is available under {{::mainImage.info.license.name || 'Unknown'}} license.
Credit:
(see original file).
