wolfSSL has support for the new DTLS 1.3 protocol. You can learn more about this protocol in our “What’s new in DTLS 1.3” blog post (https://www.wolfssl.com/whats-new-dtls-1-3/). Using DTLS 1.3 in wolfSSL is almost as easy as using DTLS 1.2! Client implementations only need to change their existing wolfDTLSv1_2_client_method() calls into wolfDTLSv1_3_client_method(). If you are using wolfSSL’s built-in network I/O, then you don’t need to worry about anything else! You can already start enjoying the benefits of TLS 1.3 in DTLS.
Server implementations need to start by changing their wolfDTLSv1_2_server_method() calls into wolfDTLSv1_3_server_method(). It is also recommended to use the cookie exchange with DTLS 1.3. Cookie exchange is enabled and the cookie secret is set using the wolfSSL_send_hrr_cookie() API.
If you are using custom network I/O callbacks in wolfSSL, there is one more new feature you need to be aware of. The wolfSSL_dtls13_use_quick_timeout() API should be used to set a quicker timeout. To allow for out-of-order delivery of handshake messages, wolfSSL will sometimes ask the user to set a quick timeout. The recommended timeout duration for a quick timeout is wolfSSL_dtls_get_current_timeout() / 4.
This new API is presented in these examples:
- Basic client example: https://github.com/wolfSSL/wolfssl-examples/blob/master/dtls/client-dtls13.c
- Basic server example: https://github.com/wolfSSL/wolfssl-examples/blob/master/dtls/server-dtls13.c
- Event driven server example with custom I/O callbacks using libevent: https://github.com/wolfSSL/wolfssl-examples/blob/master/dtls/server-dtls13-event.c
The examples can be compiled with make. The basic client example loop can be quit by typing “end” into the prompt.
Contact us at facts@wolfssl.com with any questions regarding DTLS 1.3.