TLS vs DTLS: A Comparison of Security Protocols
This article compares TLS and DTLS, highlighting their differences and providing a basic understanding of each security protocol.
Introduction
TLS (Transport Layer Security) sits above the TCP layer but below the application layer, essentially acting as a top sublayer for Layer-4 of the OSI model.
DTLS (Datagram Transport Layer Security) is based on TLS and aims to provide equivalent security guarantees but for datagram protocols. In essence, DTLS provides communications privacy for datagram-based communications.
Both TLS and DTLS are designed to deliver data communication security over computer networks. They are commonly used in email, web browsing, VoIP (Voice over IP), and other messaging applications.
What is TLS?
TLS is an encryption protocol that establishes a secure transport connection between applications, such as a web server and a browser.
The primary goals of TLS are:
- Session Establishment: Agreeing on encryption algorithms, exchanging secret keys, and performing authentication.
- Data Transfer: Securely transferring application data using symmetric encryption and ensuring data integrity with methods like keyed message authentication codes.
Key points about TLS:
- TLS stands for Transport Layer Security.
- TLS uses a record protocol for transferring both application data and TLS-related information.
- A secure session is established through a handshake protocol.
The other layers in TLS are similar to SSL (Secure Sockets Layer). TLS 1.0 is functionally equivalent to SSL V3.1. The diagrams above illustrate these relationships.
TLS Versions: TLS 1.0, TLS 1.1, TLS 1.2
The following table outlines the key features of different TLS versions, including TLS 1.0, TLS 1.1, and TLS 1.2:
TLS Version | Description |
---|---|
TLS 1.0 | Defined in RFC 2246 (1999). An upgrade of SSL V3.0. |
TLS 1.1 | Defined in RFC 4346 (April 2006). An upgrade to TLS V1.0. Adds protection against CBC (Cipher Block Chaining) attacks. |
TLS 1.2 | Defined in RFC 5246 (August 2008). |
For further details on their distinctions, refer to the difference between TLS and SSL encryption types.
What is DTLS?
- DTLS stands for Datagram Transport Layer Security protocol.
- It’s defined in RFC 6347 (V1.2).
- DTLS provides UDP-based transport while leveraging TLS security. As a result, like UDP, it does not re-order or re-transmit packets carrying application data; the application must tolerate loss and reordering.
The table below highlights the handshake differences between TLS and DTLS; the handshake header field rows give each field's size in bytes.
Field | TLS | DTLS |
---|---|---|
RFC | RFC 4346 (V1.1), RFC 5246 (V1.2), RFC 8446 (V1.3) | RFC 6347 (V1.2) |
Function | Must run over a reliable transport channel based on TCP. Cannot be used to secure unreliable datagram traffic. | Used to construct “TLS over datagram”. |
Runs above which protocol | TLS covers security for both TCP and UDP transport types. | DTLS is implied if the transport type is UDP. |
Message Type (bytes) | 1 | 1 |
Message Length (bytes) | 3 | 3 |
Message Sequence Number (bytes) | Does not exist | 2 |
Fragment Offset (bytes) | Does not exist | 3 |
Fragment Length (bytes) | Does not exist | 3 |
Role | Client only | Server and Client |
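As an added example (not code from the original article), the Python below parses the two handshake headers sized in the table above and shows why DTLS needs the extra fields: it splits one handshake message into fragments, reassembles fragments that arrive out of order or duplicated, and rejects a fragment whose offset plus length overruns the declared message length. Function names and the sample message are my own assumptions.

```python
# Handshake header byte widths from the table above (RFC 5246 / RFC 6347):
# TLS: type(1) len(3)   DTLS: type(1) len(3) msg_seq(2) frag_off(3) frag_len(3)
TLS_HDR_LEN, DTLS_HDR_LEN = 4, 12

def parse_tls_handshake_header(data):
    if len(data) < TLS_HDR_LEN:
        raise ValueError("truncated TLS handshake header")
    return {"msg_type": data[0], "length": int.from_bytes(data[1:4], "big")}

def parse_dtls_handshake_header(data):
    """Parse the 12-byte DTLS handshake header and check the fragment bounds."""
    if len(data) < DTLS_HDR_LEN:
        raise ValueError("truncated DTLS handshake header")
    hdr = parse_tls_handshake_header(data)
    hdr["message_seq"] = int.from_bytes(data[4:6], "big")
    hdr["fragment_offset"] = int.from_bytes(data[6:9], "big")
    hdr["fragment_length"] = int.from_bytes(data[9:12], "big")
    # A fragment extending past the declared message would write out of bounds
    if hdr["fragment_offset"] + hdr["fragment_length"] > hdr["length"]:
        raise ValueError("fragment exceeds declared message length")
    return hdr

def build_dtls_fragments(msg_type, body, message_seq, max_frag):
    """Split one handshake message into fragments of at most max_frag body bytes."""
    frags = []
    for off in range(0, max(len(body), 1), max_frag):  # empty body -> one fragment
        chunk = body[off:off + max_frag]
        hdr = (bytes([msg_type]) + len(body).to_bytes(3, "big")
               + message_seq.to_bytes(2, "big") + off.to_bytes(3, "big")
               + len(chunk).to_bytes(3, "big"))
        frags.append(hdr + chunk)
    return frags

def reassemble_dtls(fragments):
    """Reassemble one message from fragments that may arrive out of order or
    duplicated (the datagram layer neither orders nor retransmits); None if incomplete."""
    body, covered, ident = None, set(), None
    for frag in fragments:
        h = parse_dtls_handshake_header(frag)
        key = (h["msg_type"], h["message_seq"], h["length"])
        if ident is None:
            ident, body = key, bytearray(h["length"])
        elif key != ident:
            raise ValueError("fragment belongs to a different handshake message")
        off, ln = h["fragment_offset"], h["fragment_length"]
        payload = frag[DTLS_HDR_LEN:DTLS_HDR_LEN + ln]
        if len(payload) != ln:
            raise ValueError("fragment payload shorter than fragment_length")
        body[off:off + ln] = payload
        covered.update(range(off, off + ln))
    return bytes(body) if body is not None and len(covered) == len(body) else None
```

The TLS parser needs no sequence or fragment fields because TCP already delivers the handshake bytes in order and without gaps.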