Pion DTLS

A Go implementation of DTLS

Native DTLS 1.2 implementation in the Go programming language.

A long term goal is a professional security review, and maybe an inclusion in stdlib.

Goals/Progress

This will only be targeting DTLS 1.2, and the most modern/common cipher suites. We would love contributions that fall under the 'Planned Features' and any bug fixes!

Current features

DTLS 1.2 Client/Server
Key Exchange via ECDHE(curve25519, nistp256, nistp384) and PSK
Packet loss and re-ordering is handled during handshaking
Key export (RFC 5705)
Serialization and Resumption of sessions
Extended Master Secret extension (RFC 7627)

Supported ciphers

ECDHE

TLS_ECDHE_ECDSA_WITH_AES_128_CCM (RFC 6655)
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 (RFC 6655)
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (RFC 5289)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (RFC 5289)
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (RFC 5289)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (RFC 5289)
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (RFC 8422)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (RFC 8422)

PSK

TLS_PSK_WITH_AES_128_CCM (RFC 6655)
TLS_PSK_WITH_AES_128_CCM_8 (RFC 6655)
TLS_PSK_WITH_AES_128_GCM_SHA256 (RFC 5487)
TLS_PSK_WITH_AES_128_CBC_SHA256 (RFC 5487)

Planned Features

Chacha20Poly1305

Excluded Features

DTLS 1.0
Renegotiation
Compression

Using

This library needs at least Go 1.13, and you should have Go modules enabled.

Pion DTLS

For a DTLS 1.2 Server that listens on 127.0.0.1:4444

go run examples/listen/selfsign/main.go

For a DTLS 1.2 Client that connects to 127.0.0.1:4444

go run examples/dial/selfsign/main.go

OpenSSL

Pion DTLS can connect to itself and OpenSSL.

  // Generate a certificate
  openssl ecparam -out key.pem -name prime256v1 -genkey
  openssl req -new -sha256 -key key.pem -out server.csr
  openssl x509 -req -sha256 -days 365 -in server.csr -signkey key.pem -out cert.pem

  // Use with examples/dial/selfsign/main.go
  openssl s_server -dtls1_2 -cert cert.pem -key key.pem -accept 4444

  // Use with examples/listen/selfsign/main.go
  openssl s_client -dtls1_2 -connect 127.0.0.1:4444 -debug -cert cert.pem -key key.pem

Using with PSK

Pion DTLS also comes with examples that do key exchange via PSK

Pion DTLS

go run examples/listen/psk/main.go

go run examples/dial/psk/main.go

OpenSSL

  // Use with examples/dial/psk/main.go
  openssl s_server -dtls1_2 -accept 4444 -nocert -psk abc123 -cipher PSK-AES128-CCM8

  // Use with examples/listen/psk/main.go
  openssl s_client -dtls1_2 -connect 127.0.0.1:4444 -psk abc123 -cipher PSK-AES128-CCM8

Contributing

Check out the contributing wiki to join the group of amazing people making this project possible:

License

MIT License - see LICENSE for full text

Name	Name	Last commit message	Last commit date
Latest commit renovate-bot and Sean-Der Update golang.org/x/crypto commit hash to ae814b3 Dec 2, 2021 415eb6f · Dec 2, 2021 History 445 Commits
.github	.github	Update CI configs to v0.6.2	Nov 28, 2021
e2e	e2e	Upgrade e2e test to bullseye	Dec 2, 2021
examples	examples	Update CI configs to v0.4.7	Sep 29, 2020
fuzz/corpus	fuzz/corpus	Fuzz: fix more buffer indexing cases	May 24, 2019
internal	internal	Support two more ECDHE_*_AES_GCM ciphers	Sep 29, 2021
pkg	pkg	Add support for anonymous ciphers	Jan 31, 2021
.editorconfig	.editorconfig	Fuzz: initial commit	May 24, 2019
.gitignore	.gitignore	Update CI configs to v0.4.18	Nov 29, 2020
.golangci.yml	.golangci.yml	Update CI configs to v0.4.12	Nov 7, 2020
AUTHORS.txt	AUTHORS.txt	Support two more ECDHE_*_AES_GCM ciphers	Sep 29, 2021
LICENSE	LICENSE	Update README to match pion-WebRTC style	Dec 13, 2018
Makefile	Makefile	Fuzz: initial commit	May 24, 2019
README.md	README.md	Update pkg.go.gev link	Nov 19, 2021
bench_test.go	bench_test.go	Improve error handling and cleanup in tests	Mar 5, 2020
certificate.go	certificate.go	Refactor handshake state machine	Mar 5, 2020
certificate_test.go	certificate_test.go	Refactor handshake state machine	Mar 5, 2020
cipher_suite.go	cipher_suite.go	Support two more ECDHE_*_AES_GCM ciphers	Sep 29, 2021
cipher_suite_go114.go	cipher_suite_go114.go	Expose CipherSuite	Jan 28, 2021
cipher_suite_go114_test.go	cipher_suite_go114_test.go	Add CipherSuites and InsecureCipherSuites	Feb 9, 2020
cipher_suite_test.go	cipher_suite_test.go	Add support for anonymous ciphers	Jan 31, 2021
codecov.yml	codecov.yml	Update CI configs to v0.3.3	Aug 4, 2020
compression_method.go	compression_method.go	Move DTLS wire format to pkg	Jan 16, 2021
config.go	config.go	Add missing rsa.PrivateKey into validating config	Apr 2, 2021
config_test.go	config_test.go	Add missing rsa.PrivateKey into validating config	Apr 2, 2021
conn.go	conn.go	Add support for KeyLogWriter	Feb 24, 2021
conn_go_test.go	conn_go_test.go	Make handshake errors from Accept non-fatal	Jun 2, 2020
conn_test.go	conn_test.go	Always include NegotationInfo in ServerHello	Feb 17, 2021
crypto.go	crypto.go	Move CipherSuite to pkg or internal	Jan 24, 2021
crypto_test.go	crypto_test.go	Move DTLS wire format to pkg	Jan 16, 2021
dtls.go	dtls.go	Upgrade golangci-lint to 1.19.1	Jan 12, 2020
errors.go	errors.go	Add support for anonymous ciphers	Jan 31, 2021
errors_errno.go	errors_errno.go	Refactor errors	Mar 9, 2020
errors_errno_test.go	errors_errno_test.go	Refactor errors	Mar 9, 2020
errors_noerrno.go	errors_noerrno.go	Refactor errors	Mar 9, 2020
errors_test.go	errors_test.go	Tag all errors with correct types	Jan 16, 2021
flight.go	flight.go	Refactor handshake state machine	Mar 5, 2020
flight0handler.go	flight0handler.go	Always include NegotationInfo in ServerHello	Feb 17, 2021
flight1handler.go	flight1handler.go	Move DTLS wire format to pkg	Jan 16, 2021
flight2handler.go	flight2handler.go	Move DTLS wire format to pkg	Jan 16, 2021
flight3handler.go	flight3handler.go	Add support for anonymous ciphers	Jan 31, 2021
flight4handler.go	flight4handler.go	Add support for KeyLogWriter	Feb 24, 2021
flight5handler.go	flight5handler.go	Add support for KeyLogWriter	Feb 24, 2021
flight6handler.go	flight6handler.go	Move CipherSuite to pkg or internal	Jan 24, 2021
flighthandler.go	flighthandler.go	Move DTLS wire format to pkg	Jan 16, 2021
fragment_buffer.go	fragment_buffer.go	Move Pseudorandom Functions to /pkg	Jan 24, 2021
fragment_buffer_test.go	fragment_buffer_test.go	Fragmentbuffer: Fix fragment parsing	Jun 2, 2020
fuzz.go	fuzz.go	Move DTLS wire format to pkg	Jan 16, 2021
go.mod	go.mod	Update golang.org/x/crypto commit hash to ae814b3	Dec 2, 2021
go.sum	go.sum	Update golang.org/x/crypto commit hash to ae814b3	Dec 2, 2021
handshake_cache.go	handshake_cache.go	Move Pseudorandom Functions to /pkg	Jan 24, 2021
handshake_cache_test.go	handshake_cache_test.go	Move CipherSuite to pkg or internal	Jan 24, 2021
handshake_test.go	handshake_test.go	Move DTLS wire format to pkg	Jan 16, 2021
handshaker.go	handshaker.go	Add support for KeyLogWriter	Feb 24, 2021
handshaker_test.go	handshaker_test.go	Add support for KeyLogWriter	Feb 24, 2021
listener.go	listener.go	Move DTLS wire format to pkg	Jan 16, 2021
nettest_test.go	nettest_test.go	Update CI configs to v0.4.7	Sep 29, 2020
packet.go	packet.go	Move DTLS wire format to pkg	Jan 16, 2021
renovate.json	renovate.json	Update CI configs to v0.6.0	Nov 16, 2021
replayprotection_test.go	replayprotection_test.go	Fix data race in TestReplayProtection	Apr 1, 2020
resume.go	resume.go	Add ConnectionState to Conn to return State	Mar 30, 2020
resume_test.go	resume_test.go	Update CI configs to v0.4.7	Sep 29, 2020
srtp_protection_profile.go	srtp_protection_profile.go	Move DTLS wire format to pkg	Jan 16, 2021
state.go	state.go	Always include NegotationInfo in ServerHello	Feb 17, 2021
util.go	util.go	Expose CipherSuite	Jan 28, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Pion DTLS

A Go implementation of DTLS

Goals/Progress

Current features

Supported ciphers

ECDHE

PSK

Planned Features

Excluded Features

Using

Pion DTLS

OpenSSL

Using with PSK

Pion DTLS

OpenSSL

Contributing

License

About

Releases

Packages

Languages

License

xy-poin/dtls

Folders and files

Latest commit

History

Repository files navigation

Pion DTLS

A Go implementation of DTLS

Goals/Progress

Current features

Supported ciphers

ECDHE

PSK

Planned Features

Excluded Features

Using

Pion DTLS

OpenSSL

Using with PSK

Pion DTLS

OpenSSL

Contributing

License

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages