TLS vs DTLS | Difference between TLS and DTLS
This page compares TLS and DTLS and explains the difference between the two security protocol types. It covers the basics of both TLS and DTLS.
TLS operates on top of the TCP layer and below the application layer; it can be considered the top sublayer of Layer 4. DTLS is based on the TLS protocol and provides equivalent security guarantees; it provides communications privacy for datagram protocols. Both protocols deliver data communication security over computer networks, and they are widely used in email, web, VoIP and other messaging applications.
What is TLS?
TLS encryption protocol provides secure transport connection between applications (e.g. web server and browser).
The main goals of TLS are as follows:
• Establish a session by agreeing on algorithms, sharing secrets and performing authentication.
• Transfer application data using symmetric encryption and data integrity protection (e.g. a keyed message authentication code).
Basics of TLS:
• TLS stands for Transport Layer Security.
• TLS uses the record protocol to transfer application data and TLS control messages.
• A session is established using the handshake protocol.
The other layers of TLS are the same as in SSL, and TLS 1.0 is equivalent to SSL V3.1. These have been depicted in the figure above.
TLS Versions-TLS 1.0, TLS 1.1, TLS 1.2
The following table lists features of the TLS versions TLS 1.0, TLS 1.1 and TLS 1.2.
| Version | Description |
| --- | --- |
| TLS 1.0 | Defined in RFC 2246 (1999). Upgrade of SSL V3.0. |
| TLS 1.1 | Defined in RFC 4346 (April 2006). Upgrade of TLS V1.0; adds protection against CBC attacks. |
| TLS 1.2 | Defined in RFC 5246 (August 2008). |
Also refer to the page on the difference between TLS and SSL encryption types for the difference between the TLS and SSL protocol types.
What is DTLS?
• DTLS stands for Datagram Transport Layer Security protocol.
• It is defined in RFC 6347 (V1.2).
• DTLS provides UDP-based transport while using TLS security. As a result, like UDP, it does not re-order or re-transmit packets.
• The following table compares TLS and DTLS, including the handshake header fields that exist only in DTLS.
| Parameter | TLS | DTLS |
| --- | --- | --- |
| RFC | RFC 4346 (V1.1), RFC 5246 (V1.2), RFC 8446 (V1.3) | RFC 6347 (V1.2) |
| Function | Must run over a reliable transport channel based on TCP; cannot be used to secure unreliable datagram traffic. | Used to construct "TLS over datagram". |
| Runs above which protocol | The TLS family covers security for both TCP and UDP transport types. | DTLS is implied when the transport type is UDP. |
| Message sequence number (handshake header field) | Does not exist | 2 bytes |
| Fragment offset (handshake header field) | Does not exist | 3 bytes |
| Fragment length (handshake header field) | Does not exist | 3 bytes |
| Role | Client only | Server and client |
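As an added example (not code from the original page), the handshake header fields in the table above parsed in Python: the 4-byte TLS handshake header beside the 12-byte DTLS one, with DTLS fragments reassembled after arriving out of order and duplicated, which UDP permits. Field sizes follow RFC 5246 and RFC 6347; the function names and the 10-byte handshake body are constructed for this example.

```python
from collections import namedtuple
CLIENT_HELLO = 1  # handshake msg_type value (RFC 5246 / RFC 6347)
# Fields after "length" exist only in DTLS: message_seq (2 bytes), fragment_offset (3), fragment_length (3).
DTLSHandshakeHeader = namedtuple(
    "DTLSHandshakeHeader", "msg_type length message_seq fragment_offset fragment_length")

def parse_tls_handshake_header(buf):
    """TLS handshake header is just msg_type (1 byte) + length (3 bytes)."""
    if len(buf) < 4:
        raise ValueError("truncated TLS handshake header")
    return buf[0], int.from_bytes(buf[1:4], "big")

def parse_dtls_handshake_header(buf):
    """DTLS header = TLS header + message_seq + fragment_offset + fragment_length (12 bytes)."""
    if len(buf) < 12:
        raise ValueError("truncated DTLS handshake header")
    hdr = DTLSHandshakeHeader(buf[0], int.from_bytes(buf[1:4], "big"),
                              int.from_bytes(buf[4:6], "big"),
                              int.from_bytes(buf[6:9], "big"),
                              int.from_bytes(buf[9:12], "big"))
    # Reject a fragment whose range lies outside its own message or whose payload is short.
    if (hdr.fragment_offset + hdr.fragment_length > hdr.length
            or len(buf) - 12 < hdr.fragment_length):
        raise ValueError("inconsistent DTLS fragment header")
    return hdr

def build_dtls_fragment(msg_type, message_seq, body, offset, size):
    """Encode one DTLS handshake fragment carrying body[offset:offset + size]."""
    return (bytes([msg_type]) + len(body).to_bytes(3, "big")
            + message_seq.to_bytes(2, "big") + offset.to_bytes(3, "big")
            + size.to_bytes(3, "big") + body[offset:offset + size])

def reassemble_dtls_handshake(fragments, expected_seq):
    """Return the full body once every byte is covered, else None. Fragments
    may arrive out of order or duplicated, which UDP permits."""
    buf, covered = None, set()
    for frag in fragments:
        hdr = parse_dtls_handshake_header(frag)
        if hdr.message_seq != expected_seq:
            continue  # belongs to a different handshake message
        buf = buf if buf is not None else bytearray(hdr.length)
        end = hdr.fragment_offset + hdr.fragment_length
        buf[hdr.fragment_offset:end] = frag[12:12 + hdr.fragment_length]
        covered.update(range(hdr.fragment_offset, end))
    return bytes(buf) if buf is not None and len(covered) == len(buf) else None

# Constructed sample: 10-byte body split in two, delivered in reverse order with a duplicate.
BODY = b"ABCDEFGHIJ"
FRAGMENTS = [build_dtls_fragment(CLIENT_HELLO, 0, BODY, off, size)
             for off, size in ((4, 6), (0, 4), (4, 6))]
```

`reassemble_dtls_handshake(FRAGMENTS, 0)` returns the full body even though the first fragment received is the second half; the same input with a TLS header would have no offset or length to place it by.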