Commit 74f6048d44: Update Pion.DTLS to 2.2.6 and reduce inbound MTU size
Pion DTLS
A Go implementation of DTLS
Native DTLS 1.2 implementation in the Go programming language.
A long-term goal is a professional security review, and perhaps inclusion in the Go standard library.
Goals/Progress
This project targets only DTLS 1.2 and the most modern/common cipher suites. We would love contributions that fall under 'Planned Features', and any bug fixes!
Current features
- DTLS 1.2 Client/Server
- Key exchange via ECDHE (curve25519, nistp256, nistp384) and PSK
- Packet loss and re-ordering are handled during the handshake
- Key export (RFC 5705)
- Serialization and Resumption of sessions
- Extended Master Secret extension (RFC 7627)
- ALPN extension (RFC 7301)
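How the RFC 5705 key export listed above actually derives its bytes, as an added example that is not code from this repository: the TLS 1.2 PRF of RFC 5246 §5 applied to the master secret with the exporter label and both handshake randoms. Function names, the hash parameter and the constructed master secret and randoms are the example's own choices; only the Go standard library is used. The label EXTRACTOR-dtls_srtp is the one RFC 5764 specifies for deriving SRTP keys, which is the usual consumer of this export in a DTLS stack.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"hash"
)

// pHash is P_<hash> from RFC 5246 §5: A(0) = seed, A(i) = HMAC(secret, A(i-1)),
// output = HMAC(secret, A(1) || seed) || HMAC(secret, A(2) || seed) || ... cut to length.
func pHash(newHash func() hash.Hash, secret, seed []byte, length int) []byte {
	m := hmac.New(newHash, secret)
	out := make([]byte, 0, length+m.Size())
	a := seed
	for len(out) < length {
		m.Reset()
		m.Write(a)
		a = m.Sum(nil) // A(i)
		m.Reset()
		m.Write(a)
		m.Write(seed)
		out = m.Sum(out) // append the next block
	}
	return out[:length]
}

// prf12 is the TLS 1.2 PRF: P_<hash>(secret, label || seed). Every suite in the
// list above except the two *_SHA384 ones uses sha256.New; those two use
// sha512.New384 (RFC 5246 §5, RFC 5289 §3).
func prf12(newHash func() hash.Hash, secret []byte, label string, seed []byte, length int) []byte {
	return pHash(newHash, secret, append([]byte(label), seed...), length)
}

// ExportKeyingMaterial implements RFC 5705 for a (D)TLS 1.2 connection, in the
// same shape as crypto/tls's ConnectionState.ExportKeyingMaterial:
// EKM = PRF(master_secret, label, client_random || server_random [|| len16 || context]).
// A nil context omits the length field; an empty non-nil context still appends a
// zero length, so the two produce different keys (RFC 5705 §4).
func ExportKeyingMaterial(newHash func() hash.Hash, masterSecret, clientRandom, serverRandom []byte, label string, context []byte, length int) ([]byte, error) {
	if len(clientRandom) != 32 || len(serverRandom) != 32 {
		return nil, errors.New("client_random and server_random must be 32 bytes each")
	}
	if len(context) > 0xffff {
		return nil, errors.New("context longer than 65535 bytes")
	}
	if length <= 0 {
		return nil, errors.New("length must be positive")
	}
	seed := make([]byte, 0, 64+2+len(context))
	seed = append(seed, clientRandom...)
	seed = append(seed, serverRandom...)
	if context != nil {
		seed = append(seed, byte(len(context)>>8), byte(len(context)))
		seed = append(seed, context...)
	}
	return prf12(newHash, masterSecret, label, seed, length), nil
}

func main() {
	// Constructed values standing in for a real handshake's master secret and randoms.
	masterSecret := bytes.Repeat([]byte{0x11}, 48)
	clientRandom := bytes.Repeat([]byte{0x22}, 32)
	serverRandom := bytes.Repeat([]byte{0x33}, 32)
	// RFC 5764 §4.2: SRTP keys come from this label with no context; 60 bytes covers
	// two 16-byte master keys plus two 14-byte salts for SRTP_AES128_CM_HMAC_SHA1_80.
	ekm, err := ExportKeyingMaterial(sha256.New, masterSecret, clientRandom, serverRandom, "EXTRACTOR-dtls_srtp", nil, 60)
	if err != nil {
		panic(err)
	}
	fmt.Println(hex.EncodeToString(ekm))
}
```

The nil-versus-empty context distinction is the detail that bites in practice: two implementations that disagree on it derive different SRTP keys from an otherwise identical handshake and fail silently on the first media packet.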
Supported ciphers
Prefer the AEAD suites (GCM and CCM). The CBC suites use the older MAC-then-encrypt construction, and the CCM_8 suites use a truncated 64-bit authentication tag.
ECDHE
- TLS_ECDHE_ECDSA_WITH_AES_128_CCM (RFC 7251)
- TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 (RFC 7251)
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (RFC 5289)
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (RFC 5289)
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (RFC 5289)
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (RFC 5289)
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (RFC 8422)
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (RFC 8422)
PSK
- TLS_PSK_WITH_AES_128_CCM (RFC 6655)
- TLS_PSK_WITH_AES_128_CCM_8 (RFC 6655)
- TLS_PSK_WITH_AES_256_CCM_8 (RFC 6655)
- TLS_PSK_WITH_AES_128_GCM_SHA256 (RFC 5487)
- TLS_PSK_WITH_AES_128_CBC_SHA256 (RFC 5487)
ECDHE & PSK
- TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 (RFC 5489)
Planned Features
- Chacha20Poly1305
Excluded Features
- DTLS 1.0
- Renegotiation
- Compression
Using
This library needs at least Go 1.13, and you should have Go modules enabled.
Pion DTLS
For a DTLS 1.2 server that listens on 127.0.0.1:4444:

```sh
go run examples/listen/selfsign/main.go
```

For a DTLS 1.2 client that connects to 127.0.0.1:4444:

```sh
go run examples/dial/selfsign/main.go
```
OpenSSL
Pion DTLS can connect to itself and OpenSSL.
```sh
# Generate a P-256 key and a self-signed certificate
openssl ecparam -out key.pem -name prime256v1 -genkey
openssl req -new -sha256 -key key.pem -out server.csr
openssl x509 -req -sha256 -days 365 -in server.csr -signkey key.pem -out cert.pem

# Use with examples/dial/selfsign/main.go
openssl s_server -dtls1_2 -cert cert.pem -key key.pem -accept 4444

# Use with examples/listen/selfsign/main.go
openssl s_client -dtls1_2 -connect 127.0.0.1:4444 -debug -cert cert.pem -key key.pem
```
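The same certificate generation done in Go, as an added example rather than code from this repository: it produces the cert.pem and key.pem that the openssl commands above create, checks the self-signature, and shows why a peer presenting a self-signed certificate has to be pinned rather than verified against a root store. The function names (SelfSignedP256, LoadSelfSigned, TrustedBy) and the localhost subject are the example's own choices; it uses only the Go standard library.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// SelfSignedP256 does in Go what the three openssl commands above do: a P-256
// (prime256v1) key and a self-signed ECDSA/SHA-256 certificate valid for days,
// returned as the same PEM block types openssl writes (CERTIFICATE, EC PRIVATE KEY).
func SelfSignedP256(commonName string, days int) (certPEM, keyPEM []byte, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127)) // fresh random serial
	if err != nil {
		return nil, nil, err
	}
	now := time.Now().UTC()
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: commonName},
		NotBefore:             now.Add(-time.Minute), // small clock-skew tolerance
		NotAfter:              now.AddDate(0, 0, days),
		KeyUsage:              x509.KeyUsageDigitalSignature, // all an ECDHE_ECDSA suite needs
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true, // cA=FALSE: this key must never sign other certificates
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	keyDER, err := x509.MarshalECPrivateKey(key) // SEC1, what "openssl ecparam -genkey" emits
	if err != nil {
		return nil, nil, err
	}
	certPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	keyPEM = pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})
	return certPEM, keyPEM, nil
}

// LoadSelfSigned parses the PEM pair into the tls.Certificate a DTLS config consumes
// and checks the one thing a self-signed leaf can prove by itself: ECDSA/SHA-256, self-consistent.
func LoadSelfSigned(certPEM, keyPEM []byte) (tls.Certificate, *x509.Certificate, error) {
	pair, err := tls.X509KeyPair(certPEM, keyPEM) // also rejects a key that does not match the cert
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(pair.Certificate[0])
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	if leaf.SignatureAlgorithm != x509.ECDSAWithSHA256 {
		return tls.Certificate{}, nil, fmt.Errorf("unexpected signature algorithm %v", leaf.SignatureAlgorithm)
	}
	if err := leaf.CheckSignature(leaf.SignatureAlgorithm, leaf.RawTBSCertificate, leaf.Signature); err != nil {
		return tls.Certificate{}, nil, err
	}
	return pair, leaf, nil
}

// TrustedBy reports whether leaf chains to roots. A self-signed leaf fails against an
// empty (or the system) pool with UnknownAuthorityError, so a peer presenting one must
// be pinned: add that exact leaf to the pool instead of turning verification off.
func TrustedBy(leaf *x509.Certificate, roots *x509.CertPool) (bool, error) {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots})
	var unknown x509.UnknownAuthorityError
	if errors.As(err, &unknown) {
		return false, nil
	}
	return err == nil, err
}

func main() {
	certPEM, keyPEM, err := SelfSignedP256("localhost", 365)
	if err != nil {
		panic(err)
	}
	_, leaf, err := LoadSelfSigned(certPEM, keyPEM)
	if err != nil {
		panic(err)
	}
	untrusted, _ := TrustedBy(leaf, x509.NewCertPool())
	pinned := x509.NewCertPool()
	pinned.AddCert(leaf)
	trusted, _ := TrustedBy(leaf, pinned)
	fmt.Printf("empty pool: %v, pinned: %v\n%s", untrusted, trusted, certPEM)
}
```

Write the two PEM values to cert.pem and key.pem and the openssl commands above accept them unchanged. TrustedBy makes the pinning point concrete: a client talking to a self-signed server has exactly two options, pin the leaf or skip verification, and pinning the exact certificate is the one that still authenticates the peer.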
Using with PSK
Pion DTLS also comes with examples that do key exchange via PSK.
Pion DTLS

```sh
go run examples/listen/psk/main.go
go run examples/dial/psk/main.go
```
OpenSSL
```sh
# -psk takes the key as hex: abc123 is the three bytes 0xAB 0xC1 0x23

# Use with examples/dial/psk/main.go
openssl s_server -dtls1_2 -accept 4444 -nocert -psk abc123 -cipher PSK-AES128-CCM8

# Use with examples/listen/psk/main.go
openssl s_client -dtls1_2 -connect 127.0.0.1:4444 -psk abc123 -cipher PSK-AES128-CCM8
```
Contributing
Check out the contributing wiki to join the group of amazing people making this project possible.
License
MIT License - see LICENSE for full text