wolfSSL has support for the new DTLS 1.3 protocol. You can learn more about this protocol in our “What’s new in DTLS 1.3” blog post (https://www.wolfssl.com/whats-new-dtls-1-3/). Using DTLS 1.3 in wolfSSL is almost as easy as using DTLS 1.2! Client implementations only need to change their existing wolfDTLSv1_2_client_method() calls into wolfDTLSv1_3_client_method(). If you are using wolfSSL’s built-in network I/O, then you don’t need to worry about anything else! You can already start enjoying the benefits of TLS 1.3 in DTLS.
Server implementations need to start by changing their wolfDTLSv1_2_server_method() calls into wolfDTLSv1_3_server_method(). It is also recommended to use the cookie exchange with DTLS 1.3. Cookie exchange is enabled and the cookie secret is set using the wolfSSL_send_hrr_cookie() API.
If you are using custom network I/O callbacks in wolfSSL, there is one more new feature you need to be aware of. To allow for out-of-order delivery of handshake messages, wolfSSL will sometimes ask the user to set a quick timeout. Use the wolfSSL_dtls13_use_quick_timeout() API to check whether a quicker timeout should be set. The recommended duration for a quick timeout is wolfSSL_dtls_get_current_timeout() / 4.
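An added example (not taken from the wolfSSL examples) of computing the handshake timer for a custom I/O event loop. wolfSSL_dtls_get_current_timeout() returns whole seconds, so an integer division by 4 would turn a 1 second timeout into 0; the helper names dtls13_hs_timeout and arm_hs_timer and the USE_WOLFSSL build macro are assumptions made for this sketch.

```c
#include <sys/time.h>

#define QUICK_DIV 4 /* page's recommendation: current timeout / 4 */

/* Hypothetical helper: convert wolfSSL's whole-second handshake timeout
 * into the timeval to arm. Working in microseconds keeps a 1 s timeout
 * from truncating to 0 when the quick timeout divides it by 4. */
void dtls13_hs_timeout(int cur_timeout_sec, int use_quick, struct timeval *tv)
{
    long long usec;

    if (cur_timeout_sec < 0)
        cur_timeout_sec = 0; /* defensive: never arm a negative timer */
    usec = (long long)cur_timeout_sec * 1000000LL;
    if (use_quick)
        usec /= QUICK_DIV;
    tv->tv_sec = (long)(usec / 1000000LL);
    tv->tv_usec = (long)(usec % 1000000LL);
}

#ifdef USE_WOLFSSL /* assumption: defined by your build when linking wolfSSL */
#include <wolfssl/options.h>
#include <wolfssl/ssl.h>

/* Hypothetical wrapper: ask wolfSSL for the current timeout and whether
 * it wants the quick variant, then fill tv for select()/libevent. */
void arm_hs_timer(WOLFSSL *ssl, struct timeval *tv)
{
    dtls13_hs_timeout(wolfSSL_dtls_get_current_timeout(ssl),
                      wolfSSL_dtls13_use_quick_timeout(ssl), tv);
}
#endif
```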
This new API is presented in these examples:
- Basic client example: https://github.com/wolfSSL/wolfssl-examples/blob/master/dtls/client-dtls13.c
- Basic server example: https://github.com/wolfSSL/wolfssl-examples/blob/master/dtls/server-dtls13.c
- Event driven server example with custom I/O callbacks using libevent: https://github.com/wolfSSL/wolfssl-examples/blob/master/dtls/server-dtls13-event.c
The examples can be compiled with make. The Basic Client example loop can be quit by sending “end” into the prompt.
If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.