Go DTLS 1.2 implementation. The original user is pion-WebRTC, but we would love to see it work for everyone.
A long term goal is a professional security review, and maye inclusion in stdlib.
This will only be targeting DTLS 1.2, and the most modern/common cipher suites. We would love contributes that fall under the 'Planned Features' and fixing any bugs!
- DTLS 1.2 Client/Server
- Forward secrecy using ECDHE; with curve25519 and nistp256 (non-PFS will not be supported)
- AES_128_GCM, AES_256_CBC
- Packet loss and re-ordering is handled during handshaking
- Key export (RFC5705)
- Extended master secret support (RFC7627)
- Chacha20Poly1305
- DTLS 1.0
- Renegotiation
- Compression
For a DTLS 1.2 Server that listens on 127.0.0.1:4444
go run examples/listen/main.goFor a DTLS 1.2 Client that connects to 127.0.0.1:4444
go run examples/dial/main.goPion DTLS can connect to itself and OpenSSL.
// Generate a certificate
openssl ecparam -out key.pem -name prime256v1 -genkey
openssl req -new -sha256 -key key.pem -out server.csr
openssl x509 -req -sha256 -days 365 -in server.csr -signkey key.pem -out cert.pem
// Use with examples/dial/main.go
openssl s_server -dtls1_2 -cert cert.pem -key key.pem -accept 4444
// Use with examples/listen/main.go
openssl s_client -dtls1_2 -connect 127.0.0.1:4444 -debug -cert cert.pem -key key.pem
Check out the contributing wiki to join the group of amazing people making this project possible:
- Sean DuBois - Original Author
- Michiel De Backker - Public API
- Chris Hiszpanski - Support Signature Algorithms Extension
- Iñigo Garcia Olaizola - Support serialization and resumption"
- Daniele Sluijters - AES-CCM support
- Jin Lei - Logging
- Hugo Arregui
- Lander Noterman
MIT License - see LICENSE for full text