dockerfiles/anylink/dtls-2.0.9

Pion DTLS

A Go implementation of DTLS

Native DTLS 1.2 implementation in the Go programming language.

A long term goal is a professional security review, and maye inclusion in stdlib.

Goals/Progress

This will only be targeting DTLS 1.2, and the most modern/common cipher suites. We would love contributes that fall under the 'Planned Features' and fixing any bugs!

Current features

• DTLS 1.2 Client/Server
• Key Exchange via ECDHE(curve25519, nistp256, nistp384) and PSK
• Packet loss and re-ordering is handled during handshaking
• Key export (RFC 5705)
• Serialization and Resumption of sessions
• Extended Master Secret extension (RFC 7627)

Supported ciphers

ECDHE

• TLS_ECDHE_ECDSA_WITH_AES_128_CCM (RFC 6655)
• TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 (RFC 6655)
• TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (RFC 5289)
• TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (RFC 5289)
• TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (RFC 8422)
• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (RFC 8422)

PSK

• TLS_PSK_WITH_AES_128_CCM (RFC 6655)
• TLS_PSK_WITH_AES_128_CCM_8 (RFC 6655)
• TLS_PSK_WITH_AES_128_GCM_SHA256 (RFC 5487)
• TLS_PSK_WITH_AES_128_CBC_SHA256 (RFC 5487)

Planned Features

• Chacha20Poly1305

Excluded Features

• DTLS 1.0
• Renegotiation
• Compression

Using

This library needs at least Go 1.13, and you should have Go modules enabled.

Pion DTLS

For a DTLS 1.2 Server that listens on 127.0.0.1:4444

go run examples/listen/selfsign/main.go

For a DTLS 1.2 Client that connects to 127.0.0.1:4444

go run examples/dial/selfsign/main.go

OpenSSL

Pion DTLS can connect to itself and OpenSSL.

  // Generate a certificate
  openssl ecparam -out key.pem -name prime256v1 -genkey
  openssl req -new -sha256 -key key.pem -out server.csr
  openssl x509 -req -sha256 -days 365 -in server.csr -signkey key.pem -out cert.pem

  // Use with examples/dial/selfsign/main.go
  openssl s_server -dtls1_2 -cert cert.pem -key key.pem -accept 4444

  // Use with examples/listen/selfsign/main.go
  openssl s_client -dtls1_2 -connect 127.0.0.1:4444 -debug -cert cert.pem -key key.pem

Using with PSK

Pion DTLS also comes with examples that do key exchange via PSK

Pion DTLS

go run examples/listen/psk/main.go

go run examples/dial/psk/main.go

OpenSSL

  // Use with examples/dial/psk/main.go
  openssl s_server -dtls1_2 -accept 4444 -nocert -psk abc123 -cipher PSK-AES128-CCM8

  // Use with examples/listen/psk/main.go
  openssl s_client -dtls1_2 -connect 127.0.0.1:4444 -psk abc123 -cipher PSK-AES128-CCM8

Contributing

Check out the contributing wiki to join the group of amazing people making this project possible:

• Sean DuBois - Original Author
• Michiel De Backker - Public API
• Chris Hiszpanski - Support Signature Algorithms Extension
• Iñigo Garcia Olaizola - Serialization & resumption, cert verification, E2E
• Daniele Sluijters - AES-CCM support
• Jin Lei - Logging
• Hugo Arregui
• Lander Noterman
• Aleksandr Razumov - Fuzzing
• Ryan Gordon
• Stefan Tatschner
• Hayden James
• Jozef Kralik
• Robert Eperjesi
• Atsushi Watanabe
• Julien Salleyron - Server Name Indication
• Jeroen de Bruijn
• bjdgyc
• Jeffrey Stoke (Jeff Ctor) - Fragmentbuffer Fix
• Frank Olbricht
• ZHENK
• Carson Hoffman
• Vadim Filimonov
• Jim Wert
• Alvaro Viebrantz
• Kegan Dougal
• Michael Zabka

License

MIT License - see LICENSE for full text