DTLS 1.3 in the Linux Kernel: Is There Demand?

We’re building a kernel-native DTLS 1.3 stack — the full wolfSSL handshake and record layer running entirely in Linux kernel context, with no userspace daemon. Before we commit to productizing it, we want to know who needs it.

If you encrypt UDP traffic from inside the kernel today, you bounce every packet out to userspace and back, or you reimplement DTLS against the kernel crypto API. Nobody offers a complete kernel-native DTLS 1.3 stack. Anywhere.

The engineering is done. We have a working prototype: wolfdtls_echo.ko, multi-client, clean rmmod under load, passes KASAN + LOCKDEP + KFENCE on kernel 7.0.3 and Ubuntu 22.04. Our existing FIPS 140-3 certificate (wolfCrypt, #4718) covers the crypto.

This matters for organizations building kernel-side telemetry exporters, kernel VPN endpoints, and FIPS-validated network appliances. Federal agencies, defense contractors, and regulated industries can’t put a userspace daemon in the trust path for authenticated kernel data export — but with this approach they don’t have to.

If your organization needs kernel-native DTLS 1.3 (or kernel-native TLS 1.3 — the same approach extends), tell us about it. What’s your deployment? What compliance requirement are you working under? Would you want it as a standalone libkdtls.ko, an integrated telemetry sender, or a FIPS-validated bundle?

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.
