DtlsSharp 1.0.1

dotnet add package DtlsSharp --version 1.0.1

NuGet\Install-Package DtlsSharp -Version 1.0.1
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.

<PackageReference Include="DtlsSharp" Version="1.0.1" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.

For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.
Directory.Packages.props:
<PackageVersion Include="DtlsSharp" Version="1.0.1" />
Project file:
<PackageReference Include="DtlsSharp" />

paket add DtlsSharp --version 1.0.1

#r "nuget: DtlsSharp, 1.0.1"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.

#:package DtlsSharp@1.0.1
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package.

#addin nuget:?package=DtlsSharp&version=1.0.1
Install as a Cake Addin

#tool nuget:?package=DtlsSharp&version=1.0.1
Install as a Cake Tool

Dtls — DTLS for .NET


A cross-platform DTLS library for .NET that, like the BCL, uses the host operating system's cryptography. It supports DTLS 1.0, 1.2, and 1.3 with a modern, allocation-conscious (Span<T>) datagram API.

Status: actively developed and CI-green on Linux, Windows, and macOS. Working and verified end to end: the managed DTLS 1.3 engine (PSK, certificate, raw-public-key, mutual auth); the managed DTLS 1.2 engine (certificate, PSK, ECDHE-PSK, raw-public-key, mutual auth) used as the universal fallback where no native stack exists; the native Schannel (Windows), OpenSSL (Linux), and Network.framework (macOS) DTLS 1.2 backends, with the deprecated Secure Transport DTLS 1.0 stack as a fallback. The managed 1.2 engine is interop-tested against both OpenSSL and Schannel in CI (both directions), and the library negotiates a DTLS 1.3 → 1.2 downgrade automatically. See the documentation for details.

🧩 Why hybrid

No native OS DTLS stack supports DTLS 1.3 yet (OpenSSL, Schannel, and Apple all cap at DTLS 1.2). To deliver 1.3 everywhere and stay NativeAOT-compatible, this library uses a hybrid design:

| DTLS version | Engine | Crypto provider |
|---|---|---|
| 1.0, 1.2 | Native OS stack (P/Invoke), or the managed C# engine where no native stack exists (iOS, Android) | OpenSSL (Linux) · Schannel (Windows) · Network.framework / Secure Transport (macOS) · BCL (managed fallback) |
| 1.3 | Managed C# | BCL System.Security.Cryptography (delegates to OpenSSL / CNG / Apple) |

Delegating the legacy CBC-era 1.0/1.2 handshakes to hardened native stacks avoids hand-rolling the most dangerous (timing/padding-oracle prone) crypto, while the clean AEAD-only 1.3 path — and the AEAD-only managed 1.2 fallback for platforms without a native stack — is implemented in managed, AOT-friendly code.

✨ Features

  • DTLS 1.3 (managed; client and server) with PSK, X.509 certificate (ECDSA / RSA-PSS), Raw Public Key (RFC 7250), and mutual authentication.
  • Managed DTLS 1.2 engine (client and server) — the universal fallback where no native stack exists (iOS, Android) — with certificate (ECDSA / RSA-PKCS#1), PSK and forward-secret ECDHE-PSK, Raw Public Key, and mutual authentication, plus extended_master_secret (RFC 7627) and the stateless HelloVerifyRequest cookie. Interop-tested in CI against OpenSSL and Schannel in both directions.
  • Automatic DTLS 1.3 → 1.2 downgrade: at the default version range the client offers both and completes on whichever the peer selects, over the same transport.
  • Native DTLS 1.2 backends — Schannel (Windows), OpenSSL (Linux), and Network.framework (macOS) — preferred where present; the deprecated Secure Transport stack provides a DTLS 1.0 fallback on macOS.
  • AEAD cipher suites: AES-128-GCM and AES-256-GCM (all TFMs), plus AES-128-CCM and AES-128-CCM-8 (net8+; unavailable on iOS, where AES-GCM remains the default). Selectable via DtlsOptions.CipherSuites. (ChaCha20-Poly1305 is not offered: the BCL has no raw ChaCha20 for DTLS 1.3 sequence-number encryption.)
  • Modern, allocation-conscious Span<T> API; transport-agnostic with a built-in UDP Socket adapter and an in-memory loopback transport.
  • Targets netstandard2.0, netstandard2.1, net8.0, net9.0, net10.0 (plus opt-in net10.0-android / net10.0-ios); NativeAOT-compatible on net10. netstandard2.0 (for .NET Framework 4.6.1+, Unity, Mono) is a compile/API-compatibility target — its wire codecs, value types, and datagram transports run, but because that BCL has no AesGcm/ECDiffieHellman, the cryptographic handshake throws PlatformNotSupportedException; a working handshake needs netstandard2.1 (AES-GCM) or net8.0+.
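
The AEAD cipher-suite item above leaves out ChaCha20-Poly1305 because DTLS 1.3 sequence-number encryption needs a raw ChaCha20 block, which the BCL's AEAD-only ChaCha20Poly1305 class does not expose. The following added example (not DtlsSharp's own code; the class and method names are hypothetical, and the key and ciphertext are constructed sample values) shows the RFC 9147 section 4.2.3 masking step for the AES suites, which needs only one raw AES block, available through Aes.EncryptEcb on .NET 6 or later:

```csharp
using System;
using System.Security.Cryptography;

// Added illustration (not DtlsSharp code): DTLS 1.3 record sequence-number
// masking per RFC 9147 section 4.2.3, for AES-based AEAD suites.
static class SequenceNumberMask
{
    // XORs the on-the-wire sequence number (1 or 2 bytes) in place with the
    // leading bytes of AES-ECB(snKey, ciphertext[0..15]). The operation is its
    // own inverse, so the same call masks and unmasks.
    public static void Apply(ReadOnlySpan<byte> snKey, ReadOnlySpan<byte> ciphertext, Span<byte> seqNum)
    {
        if (seqNum.Length is not (1 or 2))
            throw new ArgumentException("DTLS 1.3 carries 8 or 16 sequence-number bits.", nameof(seqNum));
        if (ciphertext.Length < 16)
            throw new ArgumentException("Need at least 16 ciphertext bytes to derive the mask.", nameof(ciphertext));

        using var aes = Aes.Create();
        aes.Key = snKey.ToArray();
        Span<byte> mask = stackalloc byte[16];
        aes.EncryptEcb(ciphertext[..16], mask, PaddingMode.None); // one raw AES block
        for (int i = 0; i < seqNum.Length; i++)
            seqNum[i] ^= mask[i];
        CryptographicOperations.ZeroMemory(mask);
    }
}

static class Demo
{
    static void Main()
    {
        // Constructed sample values, not taken from any real session.
        // snKey stands in for HKDF-Expand-Label(secret, "sn", "", 16).
        byte[] snKey = new byte[16];
        byte[] ciphertext = new byte[32];
        RandomNumberGenerator.Fill(snKey);
        RandomNumberGenerator.Fill(ciphertext);

        byte[] seq = { 0x01, 0x2C }; // sequence number 300 in its 16-bit wire form
        SequenceNumberMask.Apply(snKey, ciphertext, seq); // sender masks before sending
        Console.WriteLine($"on the wire: {Convert.ToHexString(seq)}");
        SequenceNumberMask.Apply(snKey, ciphertext, seq); // receiver unmasks with the same call
        Console.WriteLine($"recovered:   {Convert.ToHexString(seq)}");
    }
}
```

The ChaCha20 variant of the same step treats ciphertext bytes 0..3 as the block counter and bytes 4..15 as the nonce, which is why it cannot be built from an AEAD-only primitive.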

📚 Documentation

  • Usage — getting started: client/server handshakes, options, and the datagram transport API.
  • Architecture — the hybrid native/managed design and how the engines and backends fit together.
  • Supported protocols — version/platform matrix, cipher suites, credential modes, and interop status.
  • Security model — threat model and hardening notes.
  • NativeAOT & trimming — AOT/trimming compatibility and guidance.

Project layout

src/      the Dtls library
tests/    unit, integration, and OpenSSL/Schannel interop tests
samples/  UDP echo client/server
docs/     usage, architecture, security model, supported protocols, AOT

Build & test

dotnet build
dotnet test

The native backends require their host OS: the Schannel DTLS 1.2 backend and its tests run on Windows; the OpenSSL DTLS 1.2 backend and its tests run on Linux. On a Windows machine, build and test the Linux side with WSL:

# from WSL (the repo is visible at /mnt/<drive>/...)
./eng/wsl-verify.sh

Tests that need a specific OS no-op elsewhere, so the suite is green on every platform.

🔒 Security

This is a security-protocol implementation; see docs/security.md for the threat model and hardening notes. DTLS 1.0 is deprecated (RFC 8996) and is off by default.

License

MIT.

| Product | Compatible and additional computed target framework versions |
|---|---|
| .NET | net5.0 was computed. net5.0-windows was computed. net6.0 was computed. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 is compatible. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 is compatible. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
| .NET Core | netcoreapp2.0 was computed. netcoreapp2.1 was computed. netcoreapp2.2 was computed. netcoreapp3.0 was computed. netcoreapp3.1 was computed. |
| .NET Standard | netstandard2.0 is compatible. netstandard2.1 is compatible. |
| .NET Framework | net461 was computed. net462 was computed. net463 was computed. net47 was computed. net471 was computed. net472 was computed. net48 was computed. net481 was computed. |
| MonoAndroid | monoandroid was computed. |
| MonoMac | monomac was computed. |
| MonoTouch | monotouch was computed. |
| Tizen | tizen40 was computed. tizen60 was computed. |
| Xamarin.iOS | xamarinios was computed. |
| Xamarin.Mac | xamarinmac was computed. |
| Xamarin.TVOS | xamarintvos was computed. |
| Xamarin.WatchOS | xamarinwatchos was computed. |

NuGet packages (2)

Showing the top 2 NuGet packages that depend on DtlsSharp:

Package Downloads
Crdt.Transport.Dtls

DTLS-secured datagram gossip transport for Crdt.Transport, built on DtlsSharp (managed DTLS 1.2/1.3 with native OS backends).

NanoMsgSharp.Dtls

DTLS-secured UDP datagram transport (dtls+udp://) for NanoMsgSharp, built on DtlsSharp. Adds confidential, authenticated datagram messaging to the nanomsg/NNG scalability protocols.

GitHub repositories

This package is not used by any popular GitHub repositories.

| Version | Downloads | Last Updated |
|---|---|---|
| 1.0.1 | 104 | 6/27/2026 |
| 1.0.0 | 166 | 6/25/2026 |