Skip to content
/ dtls Public
forked from pion/dtls

DTLS 1.2 Server/Client implementation for Go

License

MIT license
0 stars 157 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

jfdive/dtls

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

459 Commits
.github
.github
 
 
e2e
e2e
 
 
examples
examples
 
 
fuzz/corpus
fuzz/corpus
 
 
internal
internal
 
 
pkg
pkg
 
 
.editorconfig
.editorconfig
 
 
.gitignore
.gitignore
 
 
.golangci.yml
.golangci.yml
 
 
AUTHORS.txt
AUTHORS.txt
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
bench_test.go
bench_test.go
 
 
certificate.go
certificate.go
 
 
certificate_test.go
certificate_test.go
 
 
cipher_suite.go
cipher_suite.go
 
 
cipher_suite_go114.go
cipher_suite_go114.go
 
 
cipher_suite_go114_test.go
cipher_suite_go114_test.go
 
 
cipher_suite_test.go
cipher_suite_test.go
 
 
codecov.yml
codecov.yml
 
 
compression_method.go
compression_method.go
 
 
config.go
config.go
 
 
config_test.go
config_test.go
 
 
conn.go
conn.go
 
 
conn_go_test.go
conn_go_test.go
 
 
conn_test.go
conn_test.go
 
 
crypto.go
crypto.go
 
 
crypto_test.go
crypto_test.go
 
 
dtls.go
dtls.go
 
 
errors.go
errors.go
 
 
errors_errno.go
errors_errno.go
 
 
errors_errno_test.go
errors_errno_test.go
 
 
errors_noerrno.go
errors_noerrno.go
 
 
errors_test.go
errors_test.go
 
 
flight.go
flight.go
 
 
flight0handler.go
flight0handler.go
 
 
flight1handler.go
flight1handler.go
 
 
flight2handler.go
flight2handler.go
 
 
flight3handler.go
flight3handler.go
 
 
flight4bhandler.go
flight4bhandler.go
 
 
flight4handler.go
flight4handler.go
 
 
flight5bhandler.go
flight5bhandler.go
 
 
flight5handler.go
flight5handler.go
 
 
flight6handler.go
flight6handler.go
 
 
flighthandler.go
flighthandler.go
 
 
fragment_buffer.go
fragment_buffer.go
 
 
fragment_buffer_test.go
fragment_buffer_test.go
 
 
fuzz.go
fuzz.go
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
handshake_cache.go
handshake_cache.go
 
 
handshake_cache_test.go
handshake_cache_test.go
 
 
handshake_test.go
handshake_test.go
 
 
handshaker.go
handshaker.go
 
 
handshaker_test.go
handshaker_test.go
 
 
listener.go
listener.go
 
 
nettest_test.go
nettest_test.go
 
 
packet.go
packet.go
 
 
renovate.json
renovate.json
 
 
replayprotection_test.go
replayprotection_test.go
 
 
resume.go
resume.go
 
 
resume_test.go
resume_test.go
 
 
session.go
session.go
 
 
srtp_protection_profile.go
srtp_protection_profile.go
 
 
state.go
state.go
 
 
util.go
util.go
 
 

Repository files navigation


Pion DTLS

A Go implementation of DTLS

Pion DTLS Sourcegraph Widget Slack Widget
Build Status GoDoc Coverage Status Go Report Card Codacy Badge License: MIT


Native DTLS 1.2 implementation in the Go programming language.

A long term goal is a professional security review, and maybe an inclusion in stdlib.

Goals/Progress

This will only be targeting DTLS 1.2, and the most modern/common cipher suites. We would love contributions that fall under the 'Planned Features' and any bug fixes!

Current features

  • DTLS 1.2 Client/Server
  • Key Exchange via ECDHE(curve25519, nistp256, nistp384) and PSK
  • Packet loss and re-ordering is handled during handshaking
  • Key export (RFC 5705)
  • Serialization and Resumption of sessions
  • Extended Master Secret extension (RFC 7627)

Supported ciphers

ECDHE
  • TLS_ECDHE_ECDSA_WITH_AES_128_CCM (RFC 6655)
  • TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 (RFC 6655)
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (RFC 5289)
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (RFC 5289)
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (RFC 5289)
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (RFC 5289)
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (RFC 8422)
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (RFC 8422)
PSK
  • TLS_PSK_WITH_AES_128_CCM (RFC 6655)
  • TLS_PSK_WITH_AES_128_CCM_8 (RFC 6655)
  • TLS_PSK_WITH_AES_128_GCM_SHA256 (RFC 5487)
  • TLS_PSK_WITH_AES_128_CBC_SHA256 (RFC 5487)

Planned Features

  • Chacha20Poly1305

Excluded Features

  • DTLS 1.0
  • Renegotiation
  • Compression

Using

This library needs at least Go 1.13, and you should have Go modules enabled.

Pion DTLS

For a DTLS 1.2 Server that listens on 127.0.0.1:4444

go run examples/listen/selfsign/main.go

For a DTLS 1.2 Client that connects to 127.0.0.1:4444

go run examples/dial/selfsign/main.go

OpenSSL

Pion DTLS can connect to itself and OpenSSL.

  // Generate a certificate
  openssl ecparam -out key.pem -name prime256v1 -genkey
  openssl req -new -sha256 -key key.pem -out server.csr
  openssl x509 -req -sha256 -days 365 -in server.csr -signkey key.pem -out cert.pem

  // Use with examples/dial/selfsign/main.go
  openssl s_server -dtls1_2 -cert cert.pem -key key.pem -accept 4444

  // Use with examples/listen/selfsign/main.go
  openssl s_client -dtls1_2 -connect 127.0.0.1:4444 -debug -cert cert.pem -key key.pem

Using with PSK

Pion DTLS also comes with examples that do key exchange via PSK

Pion DTLS

go run examples/listen/psk/main.go
go run examples/dial/psk/main.go

OpenSSL

  // Use with examples/dial/psk/main.go
  openssl s_server -dtls1_2 -accept 4444 -nocert -psk abc123 -cipher PSK-AES128-CCM8

  // Use with examples/listen/psk/main.go
  openssl s_client -dtls1_2 -connect 127.0.0.1:4444 -psk abc123 -cipher PSK-AES128-CCM8

Contributing

Check out the contributing wiki to join the group of amazing people making this project possible:

License

MIT License - see LICENSE for full text

About

DTLS 1.2 Server/Client implementation for Go

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

47 tags

Packages

No packages published

Languages

  • Go 98.7%
  • Shell 1.3%