- What is the functional difference between TLS and DTLS?
- How does application flow/negotiation differ while using TLS vs DTLS?
Basically, DTLS is meant to construct TLS over datagram protocols (UDP, DCCP, etc.).
DTLS is intentionally similar to TLS, except that DTLS has to solve two problems: packet loss and reordering. DTLS implements:
- packet retransmission
- assigning sequence number within the handshake
- replay detection.
See RFC 6347 for details.
The idea is that DTLS is to TLS as UDP is to TCP, as much as possible.
See https://datatracker.ietf.org/doc/draft-ietf-tls-dtls13/ (which will likely obsolete RFC 6347) for details on the specification, as well as links to discussions thereof.
There are key differences between DTLS and the Transport Layer Security (TLS) protocol that the application programmer needs to be aware of that other answers miss/imply do not exist!
The DTLS protocol provides communications privacy for datagram protocols. Contrary to the extant top-rated answers as of this writing, DTLS is not an implementation (or "construct") of TLS over UDP (or datagram protocols in general), and replay detection is a required feature of TLS but optional in DTLS. DTLS includes an implementation of a very TLS-like handshake, modified to work over datagram protocols. The implementation does handle the problems of packet reordering and loss, but only for the packets used for the DTLS handshake (and cipher selection). In other words, the "flights" that these packets deliver are delivered reliably. However, the DTLS packets containing payload (application data) may deliver their payload no more reliably than the datagrams (typically UDP) that encapsulate them.
Furthermore, while the DTLS protocol (v1.2) is derived from the TLS protocol (v1.2) and claims to "provide equivalent security guarantees", it does not.[2] Back in 2013, researchers identified major security shortcomings both in DTLS implementations and in the DTLS protocol itself, which have since been rectified, at least in the GnuTLS and OpenSSL implementations.[2] In addition, DTLS does not guarantee non-replayability.
Finally, the OP asks how application flows differ while using TLS vs DTLS. TLS is intended to deliver a stream of data reliably and with authenticated encryption, end-to-end. DTLS is intended for the delivery of application data that is authenticated and encrypted end-to-end, but with lower latency than can be achieved when all application data delivery is guaranteed. This is why DTLS is used to secure streaming applications where losses are less important than latency, e.g. VoIP, live video feeds and MMO gaming.
PS: DTLS 1.3 is done/will probably have been published as an RFC by the time you read this.[3]
PPS: Oh, and if this was worth reading, don't miss RFC 7457, "Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS)". I'm surprised DTLS 1.3 (the final draft anyway) doesn't refer to it (such as from its Security Considerations section), and neither does the TLS 1.3 spec!
DTLS is an implementation of TLS over UDP (a datagram protocol). Per Wikipedia, TLS uses TCP and DTLS uses UDP, so all the classic differences apply. UDP communications exist as streams of packets with no ordering, delivery reliability, or flow control. Applications that use datagram protocols need to make sure they can handle these concerns internally.
https://en.wikipedia.org/wiki/Transport_Layer_Security#Applications_and_adoption
One difference is that, due to being over UDP, stream ciphers are not allowed:
4.1.2.2. Null or Standard Stream Cipher
The DTLS NULL cipher is performed exactly as the TLS 1.2 NULL cipher.
The only stream cipher described in TLS 1.2 is RC4, which cannot be randomly accessed. RC4 MUST NOT be used with DTLS.