wolfSSL’s Java JSSE provider (wolfJSSE) now supports DTLS 1.3! This support includes DTLS 1.3 on both client and server side through the SSLEngine interface. This support can be found in the wolfssljni GitHub master branch, and will be included in the next stable release.
Benefits of DTLS 1.3
DTLS 1.3 (see RFC 9147) brings improved security and performance over DTLS 1.2, including:
- Reduced handshake latency (fewer round trips)
- Enhanced privacy (encrypted handshake messages)
- Improved resilience against network attacks
- Modern cryptographic algorithms
Getting Started
wolfJSSE can be built on a number of platforms, including Unix/Linux, macOS, Windows, and Android. See the wolfSSL JNI/JSSE Manual for instructions on building the library.
Example Applications
wolfJSSE includes sample DTLS 1.3 client and server applications which can be used as a reference and to try out Java DTLS 1.3 functionality. To compile the examples run:
ant examples
The example client is located in “./examples/provider/DtlsClientEngine.java” and the server is located in “./examples/provider/DtlsServerEngine.java”. Each can be run from the root “wolfssljni” directory using the wrapper scripts that share the same name. Example output should be similar to:
./examples/provider/DtlsServerEngine.sh
DTLS 1.3 Server listening on port 11113
DTLS 1.3 Server Engine created
Waiting for client connection...
Client connected from /127.0.0.1:58703
DEBUG: Sent packet with 176 bytes
DEBUG: Received packet with 383 bytes
DEBUG: Sent packet with 176 bytes
DEBUG: Sent packet with 36 bytes
DEBUG: Sent packet with 69 bytes
DEBUG: Sent packet with 721 bytes
DEBUG: Sent packet with 109 bytes
DEBUG: Sent packet with 66 bytes
DEBUG: Received packet with 908 bytes
DEBUG: Received packet with 110 bytes
DEBUG: Received packet with 66 bytes
DEBUG: Sent packet with 72 bytes
DEBUG: Sent packet with 255 bytes
DTLS handshake completed successfully
Pausing briefly before processing application data...
DEBUG: Received packet with 40 bytes
DEBUG: Received packet with 49 bytes
Received from client: Hello from DTLS 1.3 Client!
Echoing message back to client
DEBUG: Sent packet with 49 bytes
Closing connection...
Connection closed

./examples/provider/DtlsClientEngine.sh
Client socket created, connecting to localhost:11113
DTLS 1.3 Client Engine created
Starting DTLS handshake...
DEBUG: Sent packet with 310 bytes to localhost/127.0.0.1:11113
DEBUG: Received packet with 176 bytes from /127.0.0.1:11113
DEBUG: Sent packet with 383 bytes to localhost/127.0.0.1:11113
DEBUG: Received packet with 176 bytes from /127.0.0.1:11113
DEBUG: Received packet with 36 bytes from /127.0.0.1:11113
DEBUG: Received packet with 69 bytes from /127.0.0.1:11113
DEBUG: Received packet with 721 bytes from /127.0.0.1:11113
DEBUG: Received packet with 109 bytes from /127.0.0.1:11113
DEBUG: Received packet with 66 bytes from /127.0.0.1:11113
DEBUG: Sent packet with 908 bytes to localhost/127.0.0.1:11113
DEBUG: Sent packet with 110 bytes to localhost/127.0.0.1:11113
DEBUG: Sent packet with 66 bytes to localhost/127.0.0.1:11113
DEBUG: Received packet with 72 bytes from /127.0.0.1:11113
DTLS handshake completed successfully
Processing post-handshake session tickets...
Received post-handshake packet of 255 bytes, processing...
Processed post-handshake packet: OK, consumed: 255, produced: 0
Pausing briefly before sending data...
Pausing after handshake to allow connection to stabilize...
Sending application data: Hello from DTLS 1.3 Client!
DEBUG: Sent packet with 40 bytes to localhost/127.0.0.1:11113
DEBUG: Sent packet with 49 bytes to localhost/127.0.0.1:11113
Waiting for server response (allowing time for processing)...
Now attempting to receive server response...
Waiting for application data packet from server...
Received packet of 49 bytes
Raw bytes: 2F DA 82 00 2C DB B7 A5 0D 19 31 20 68 A2 0C 1C 91 75 F6 65 ...
Unwrap result: OK, consumed: 49, produced: 27
Successfully decrypted data: Hello from DTLS 1.3 Client!
Closing connection...
Connection closed
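As an added example (not part of the wolfSSL post or the wolfssljni code), the Python below decodes the RFC 9147 unified record header from the bytes shown on the "Raw bytes:" line of the client output, which is all a network observer can read from an encrypted DTLS 1.3 record. The function and field names are illustrative, and the 16-byte AEAD tag with no record padding is an assumption, since the output does not name the cipher suite.

```python
from dataclasses import dataclass
from typing import Optional

# The 20 bytes printed on the "Raw bytes:" line above; the page elides the rest
# of the 49-byte datagram, so only the header is decoded here.
VISIBLE = bytes.fromhex("2FDA82002CDBB7A50D19312068A20C1C9175F665")
DATAGRAM_LEN = 49  # "Received packet of 49 bytes"


@dataclass
class UnifiedHeader:
    cid_present: bool      # C bit: a Connection ID follows the first byte
    epoch_low_bits: int    # low 2 bits of the epoch (3 matches the first application-data epoch)
    masked_seq: int        # low bits of the record number, still encrypted on the wire
    seq_len: int           # 1 or 2 bytes, chosen by the S bit
    length: Optional[int]  # ciphertext length, or None when the L bit is clear
    header_len: int


def parse_unified_header(buf: bytes, cid_len: int = 0) -> UnifiedHeader:
    """Decode the DTLSCiphertext unified header (RFC 9147, section 4)."""
    if not buf or buf[0] >> 5 != 0b001:
        raise ValueError("not a DTLS 1.3 unified header")
    first = buf[0]
    cid_present = bool(first & 0x10)
    if cid_present and cid_len <= 0:
        # The CID length is negotiated in the handshake and is not on the wire.
        raise ValueError("C bit set: caller must supply the negotiated cid_len")
    seq_len = 2 if first & 0x08 else 1
    has_length = bool(first & 0x04)
    off = 1 + (cid_len if cid_present else 0)
    header_len = off + seq_len + (2 if has_length else 0)
    if len(buf) < header_len:
        raise ValueError("truncated header")
    masked_seq = int.from_bytes(buf[off:off + seq_len], "big")
    off += seq_len
    length = int.from_bytes(buf[off:off + 2], "big") if has_length else None
    return UnifiedHeader(cid_present, first & 0x03, masked_seq, seq_len, length, header_len)


def plaintext_len(record_len: int, tag_len: int = 16) -> int:
    """Ciphertext minus AEAD tag (assumed 16 bytes) and 1-byte inner content type, no padding."""
    return record_len - tag_len - 1


if __name__ == "__main__":
    hdr = parse_unified_header(VISIBLE)
    print(hdr)
    print("header + ciphertext =", hdr.header_len + hdr.length, "of", DATAGRAM_LEN)
    print("expected plaintext bytes:", plaintext_len(hdr.length))
```

For this packet the header is 5 bytes and the length field is 44, which accounts for the full 49-byte datagram. Subtracting the assumed 16-byte tag and 1-byte content type from 44 gives the 27 bytes that the "Unwrap result" line reports.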
If you have questions about using DTLS 1.3 from your Java application, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.