DTLS is in OpenSSL 0.9.8a. There are some bugs in it and it doesn't exactly
comply with the DTLS draft (the change cipherspec is incorrectly encoded).
I am still waiting for patches to fix the problems. I didn't actually code
anything with the OpenSSL APIs. I only used the sample client/server apps
for interop testing with a DTLS SDK I created for the company I work for.
Take a look at the sample apps and you should be able to figure out most of
the details for how to add it to your own app.

One thing to remember is that DTLS does not ensure that your application
data is delivered reliably. Datagrams may be lost or arrive out of order.
That is something you will have to deal with yourself. DTLS only ensures
that the handshake protocol can be reliably negotiated, through a
combination of message fragmentation and re-transmission timers. Alerts and
application datagrams are never re-transmitted and may not be delivered in
the same order they were sent by the peer. If you already have an
application running over UDP then you probably already have a way of
dealing with these issues, or maybe you don't need to care. If you are moving
an application from TCP w/TLS to UDP w/DTLS then you will have to implement
some mechanism to handle these issues for your application data. I believe
the OpenSSL sample apps simply ignore these issues.

Hope this helps.

>From: Pjothi <[hidden email]>
>Reply-To: [hidden email]
>To: [hidden email]
>Subject: Does OpenSSL has DTLS support
>Date: Sat, 28 Jan 2006 20:14:47 +0100
>Dear all,
>Does OpenSSL have DTLS support? If yes, from which version is DTLS
>? Are there any tutorials/briefs available for adding DTLS support for
>It would be very helpful if any of you can give me some information
>I thank you one and all,
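
The reply above says an application moved from TCP/TLS to UDP/DTLS must handle loss and reordering of application datagrams itself. One way to do that on the receive side is sketched below as an added example; it is not code from this thread or from OpenSSL. It assumes the sender prepends a 4-byte big-endian sequence number to each payload before writing it to DTLS, and all names (`reorder_push`, `reorder_skip`, `WIN`, `MAXP`, `collect`) are hypothetical.

```c
#include <stdint.h>
#include <string.h>

#define WIN  8   /* reorder window in datagrams (assumed; power of two) */
#define MAXP 64  /* largest payload buffered per slot (assumed) */
typedef void (*deliver_fn)(const uint8_t *p, size_t n, void *ctx);

struct reorder {
    uint32_t next;             /* next sequence number owed to the app */
    uint8_t  have[WIN];        /* slot holds a buffered payload? */
    uint16_t len[WIN];
    uint8_t  data[WIN][MAXP];
};

/* Hand every payload that is now in order to the application. */
static int flush(struct reorder *r, deliver_fn cb, void *ctx) {
    int n = 0;
    for (; r->have[r->next % WIN]; r->next++, n++) {
        uint32_t s = r->next % WIN;
        cb(r->data[s], r->len[s], ctx);
        r->have[s] = 0;
    }
    return n;
}

/* Feed one decrypted datagram (sequence header + payload). Returns payloads
 * delivered, or -1 if dropped: malformed, oversized, duplicate/old, too new. */
int reorder_push(struct reorder *r, const uint8_t *d, size_t n,
                 deliver_fn cb, void *ctx) {
    if (n < 4 || n - 4 > MAXP) return -1;
    uint32_t seq = (uint32_t)d[0] << 24 | (uint32_t)d[1] << 16 |
                   (uint32_t)d[2] << 8 | d[3];
    if (seq - r->next >= WIN) return -1;  /* unsigned wrap: old or too new */
    uint32_t s = seq % WIN;
    if (r->have[s]) return -1;            /* duplicate still buffered */
    r->have[s] = 1;
    r->len[s] = (uint16_t)(n - 4);
    memcpy(r->data[s], d + 4, n - 4);
    return flush(r, cb, ctx);
}

/* Loss timer fired: abandon the datagram at r->next, deliver what follows. */
int reorder_skip(struct reorder *r, deliver_fn cb, void *ctx) {
    r->next++;
    return flush(r, cb, ctx);
}

/* Sample sink (constructed for the demo): append payload to a C string. */
void collect(const uint8_t *p, size_t n, void *ctx) { strncat(ctx, (const char *)p, n); }
```

Whether to skip a gap, as `reorder_skip` does, or to ask the peer to resend is an application decision; DTLS will do neither for application data.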