Is there a recommended DTLS library?

Question

Is there a dtls library that you recommended?

Answer 1

You might take a look at OpenSSL. It handles both TLS and DTLS protocols.

To get an example, you might also want to look at the source code of OpenVPN.

I implemented a C++ abstraction layer for both TLS/DTLS using these sources.

Anyway, you'll have to be very patient since OpenSSL API is spread across multiple sources and doesn't provide an effecient way to "search" for a particular function or structure.

Answer 2

The open source CyaSSL library supports both DTLS 1.0 and DTLS 1.2 as well, in addition to standard SSL/TLS protocols up to TLS 1.2. Written in C, there is also a Java wrapper available.

The CyaSSL Manual is a good reference regarding usage and guidance, and the download package contains both client and server examples to help users get up and running more quickly (found under the ./examples directory).

The following Wikipedia article can be a good reference point when comparing SSL/TLS libraries: http://en.wikipedia.org/wiki/Comparison_of_TLS_implementations.

Answer 3

I wrote a commentary/guide on how Net-SNMP used OpenSSL to implement DTLS:

http://www.net-snmp.org/wiki/index.php/DTLS_Implementation_Notes

Unfortunately, there are probably a few things incorrect and out of date with it. But it's still a better starting place because there is very little usable documentation out there at all.

Answer 4

Openssl starts to support DTLS 1.0 since version 0.9.8, and version 1.0.1c or above is recommended due to some DTLS-related fixes(support for DTLS-SRTP, avoiding DTLS DoS attack, etc.)

If DTLS 1.2 is needed, openssl version 1.1.0 is necessary.

Answer 5

DTLS is supported in the GnuTLS library as well. Information on the API and examples are provided in the GnuTLS Manual.