From Net-SNMP Wiki
Jump to: navigation, search

DTLS stands for "Datagram Transport Layer Security" and is a method of sending TLS packets over datagram based protocols like UDP and SCTP. It is defined in RFC4357. It uses X.509 certificates for authenticating both sides of the connection.

DTLS Support in Net-SNMP

Release 5.6: RFC 5953 Full support

Net-SNMP 5.6 and above contains full support for SNMP over TLS and DTLS (RFC5953). This support is not enabled by default in release 5.6. The configure arguments needed to enable support are here.

Release 5.5: Experimental support

Net-SNMP 5.5 had experimental code added while the RFC was being drafted. The final RFC has some differences that are incompatible with the experimental code in release 5.5, so 5.5 code will not interoperate with the code in release 5.6

Experimenting with DTLS

The Net-SNMP test server is publicly available for SNMP testing. Once you have Net-SNMP release 5.6 or later installed, you can download and install the certificates needed to test secure DTLS communications to the test server. The tutorial can be found at Using TLS.

Configuring DTLS

If you would like to set up certificates for your Net-SNMP agent(s), instructions can be found on the Using DTLS page.

DTLS Implementation Notes

If you are developing your own DTLS implementation, we have some notes about some issues we ran into with using OpenSSL for supporting SNMP over DTLS within Net-SNMP. They can be found on the DTLS Implementation Notes page.