There are key differences between DTLS and Transport Layer Security (TLS) that an application programmer needs to know about, which the other answers either miss or imply do not exist!
The DTLS protocol provides communications privacy for datagram protocols. Contrary to the highest-rated answers at the time of writing, DTLS is not an implementation of TLS over UDP (or over datagram protocols in general). It includes a very TLS-like handshake, modified to work over datagram protocols. That implementation really does solve the problems of reordering and packet loss, but only for the packets used to establish the DTLS session (and select a cipher). In other words, the "flights" that carry these packets are delivered reliably. However, DTLS packets carrying the payload (application data) deliver that payload no more reliably than the datagram packets (usually UDP) that encapsulate them.
In addition, although the DTLS protocol (v1.2) is derived from the TLS protocol (v1.2) and claims to provide equivalent security guarantees, it does not. [2] Back in 2013, researchers identified major security flaws both in DTLS implementations and in the DTLS protocol itself, which have since been fixed, at least in the GnuTLS and OpenSSL implementations. [2]
Finally, the OP asks how application flows differ when using TLS and DTLS. TLS is designed for reliable, end-to-end delivery of a data stream with authenticated encryption. DTLS is designed to deliver end-to-end authenticated and encrypted application data, but with less delay than can be achieved when all application data is guaranteed to be delivered. This is why DTLS is used to protect streaming applications where losses matter less than delays, such as VoIP, live video streams and MMO games.
PS: DTLS 1.3 is under development. [3]
Matthew elvey
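The point above about application data, illustrated as an added example that is not part of the answer: a minimal DTLS 1.2 record-header parser plus the receiver-side anti-replay window from RFC 6347 section 4.1.2.6. Unlike a TLS receiver, which treats any gap in its implicit record sequence as fatal, a DTLS receiver accepts application-data records out of order, rejects duplicates, and never asks for a lost record again. The sample records and the `epoch == 1` assumption (application data after the first handshake) are constructed for the example.

```python
import struct

# DTLS 1.2 record header (RFC 6347 s4.1): type(1) version(2) epoch(2) seq(6) length(2)
HEADER = struct.Struct("!BHH6sH")
APPLICATION_DATA = 23
DTLS12 = 0xFEFD  # DTLS 1.2 version bytes {254, 253}

def parse_record(data: bytes):
    """Parse one DTLS record and return (content_type, epoch, seq, body)."""
    ctype, _version, epoch, seq6, length = HEADER.unpack_from(data)
    body = data[HEADER.size:HEADER.size + length]
    if len(body) != length:
        raise ValueError("truncated record")
    return ctype, epoch, int.from_bytes(seq6, "big"), body

def build_record(ctype, epoch, seq, body):
    return HEADER.pack(ctype, DTLS12, epoch, seq.to_bytes(6, "big"), len(body)) + body

class ReplayWindow:
    """Sliding anti-replay window (RFC 6347 s4.1.2.6, modelled on IPsec).
    Records inside the window that were not yet seen are accepted in any
    order; duplicates and records older than the window are dropped."""
    def __init__(self, size=64):
        self.size = size
        self.top = -1      # highest sequence number accepted so far
        self.bitmap = 0    # bit i set => record (top - i) was received

    def check_and_update(self, seq: int) -> bool:
        if seq > self.top:                      # advances the window
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size or (self.bitmap >> offset) & 1:
            return False                        # too old, or a replay
        self.bitmap |= 1 << offset              # late but fresh: accept
        return True

def receive_app_data(wire):
    """Deliver application-data bodies in arrival order. DTLS does not
    reorder or retransmit application data, so lost records stay lost."""
    win, delivered = ReplayWindow(), []
    for pkt in wire:
        ctype, epoch, seq, body = parse_record(pkt)
        if ctype == APPLICATION_DATA and epoch == 1 and win.check_and_update(seq):
            delivered.append(body)
    return delivered

# Constructed arrival order: record 3 overtakes 2, record 1 is replayed, record 4 never arrives.
SAMPLE_WIRE = [build_record(APPLICATION_DATA, 1, s, b"r%d" % s) for s in (0, 1, 3, 2, 1, 5)]
```

Running `receive_app_data(SAMPLE_WIRE)` yields the bodies for records 0, 1, 3, 2 and 5: the duplicate of 1 is dropped, and nothing fills the hole left by record 4.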