DTLS
DTLS stands for "Datagram Transport Layer Security" and is a method of sending TLS packets over datagram based protocols like UDP and SCTP. It is defined in RFC4357. It uses X.509 certificates for authenticating both sides of the connection.
Contents
DTLS Support in Net-SNMP
Release 5.6: RFC 5953 Full support
Net-SNMP 5.6 and above contain full support for SNMP over TLS and DTLS (RFC5953). This support is not enabled by default in release 5.6. The configure arguments needed to enable support are here.
Release 5.5: Experimental support
Net-SNMP 5.5 had experimental code added while the RFC was being drafted. The final RFC has some differences that are incompatible with the experimental code in release 5.5, so 5.5 code will not interoperate with the code in release 5.6
Experimenting with DTLS
The Net-SNMP test server is publicly available for SNMP testing. Once you have Net-SNMP release 5.6 or later installed, you can download and install the certificates needed to test secure DTLS communications to the test server. The tutorial can be found at Using TLS.
Configuring DTLS
If you would like to set up certificates for your Net-SNMP agent(s), instructions can be found on the Using DTLS page.
DTLS Implementation Notes
If you are developing your own DTLS implementation, we have some notes about some issues we ran into with using OpenSSL for supporting SNMP over DTLS within Net-SNMP. They can be found on the DTLS Implementation Notes page.