DTLS 1.3
DTLS 1.3 uses the TLS 1.3 context and APIs over the RFC 9147 datagram record layer. The API is declared in noxtls_tls13.h; shared DTLS declarations are in noxtls_dtls_common.h.
Use noxtls_dtls13_context_init to initialize a tls13_context_t for datagram transport. Configure MTU, retransmission, ACK limits, replay handling, and anti-amplification settings with the shared DTLS API.
Features
| Area | Support |
|---|---|
| Record layer | DTLS 1.3 unified header with optional Connection ID and length fields |
| Handshake | TLS 1.3 handshake over datagrams |
| Key schedule | HKDF labels with the DTLS 1.3 dtls13 prefix |
| ACKs | ACK record parsing, ACK range tracking, and retransmission suppression |
| Fragmentation | MTU-aware handshake fragmentation and reassembly |
| Replay protection | Per-epoch replay windows and sequence reconstruction |
| Connection ID | RequestConnectionId and NewConnectionId handling through TLS 1.3 state |
| KeyUpdate | DTLS epoch tracking for application traffic updates |
| 0-RTT and PSK | TLS 1.3 PSK, resumption, and early-data paths where configured |
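The "Record layer" row refers to the RFC 9147 unified header, whose first byte (bits 0 0 1 C S L E E) tells the receiver which optional fields follow. The bounds-checked parser below is an added example, not noxtls code; the ex_ names and the struct are hypothetical, and the negotiated Connection ID length is passed in because the header does not carry it.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical types and names for illustration; not part of the noxtls API. */
typedef struct {
    uint8_t        epoch_low;   /* low 2 bits of the epoch */
    const uint8_t *cid;         /* NULL when the C bit is clear */
    uint16_t       seq_bits;    /* still encrypted on the wire (RFC 9147, 4.2.3) */
    uint8_t        seq_len;     /* 1 or 2 bytes */
    size_t         hdr_len;     /* bytes consumed by the header */
    size_t         body_len;    /* ciphertext length, AEAD tag included */
} ex_dtls13_hdr_t;

/* Returns 0 on success, -1 on a malformed or truncated record.
 * cid_len is the negotiated CID length; it is not carried in the header. */
int ex_dtls13_parse_unified_hdr(const uint8_t *buf, size_t len, size_t cid_len,
                                ex_dtls13_hdr_t *out)
{
    size_t off = 1;
    if (buf == NULL || out == NULL || len < 1) return -1;
    uint8_t b = buf[0];
    if ((b & 0xE0u) != 0x20u) return -1;          /* fixed bits must be 001 */
    out->epoch_low = b & 0x03u;
    out->cid = NULL;
    if (b & 0x10u) {                               /* C: Connection ID present */
        if (cid_len == 0 || len - off < cid_len) return -1;
        out->cid = buf + off;
        off += cid_len;
    }
    out->seq_len = (b & 0x08u) ? 2 : 1;            /* S: 16-bit or 8-bit sequence */
    if (len - off < out->seq_len) return -1;
    out->seq_bits = buf[off];
    if (out->seq_len == 2) out->seq_bits = (uint16_t)((buf[off] << 8) | buf[off + 1]);
    off += out->seq_len;
    if (b & 0x04u) {                               /* L: explicit 16-bit length */
        if (len - off < 2) return -1;
        out->body_len = ((size_t)buf[off] << 8) | buf[off + 1];
        off += 2;
        if (out->body_len > len - off) return -1;  /* claims more than the datagram holds */
    } else {
        out->body_len = len - off;                 /* record runs to end of datagram */
    }
    out->hdr_len = off;
    return 0;
}
```

When the L bit is clear the record extends to the end of the datagram, so only a record carrying an explicit length can be followed by another record in the same datagram.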
API
noxtls_dtls13_context_init
```c
noxtls_return_t noxtls_dtls13_context_init(tls13_context_t *ctx, tls_role_t role);
```
Initialize a TLS 1.3 context for DTLS 1.3 operation.
Returns: noxtls_return_t.
Handshake and Data
After initialization, use the TLS 1.3 handshake and data functions on the same context:
Typical Setup
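```c
tls13_context_t ctx;

/* Initialize the TLS 1.3 context for DTLS 1.3 (client role).
 * Returns noxtls_return_t; check it before continuing. */
noxtls_dtls13_context_init(&ctx, TLS_ROLE_CLIENT);
/* Datagram send/receive callbacks supplied by the application. */
noxtls_tls_set_io_callbacks(&ctx.base.base, send_cb, recv_cb, user_data);
/* Shared DTLS settings: MTU, ACK range limit, retransmission. */
noxtls_dtls_set_mtu(&ctx.base, 1200);
noxtls_dtls_set_ack_range_limit(&ctx.base, 16);
dtls_set_retransmit(&ctx.base, 1000, 2000, 5);
/* Run the TLS 1.3 handshake over the datagram transport. */
noxtls_tls13_connect(&ctx);
```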
See the DTLS 1.3 guide for the feature overview and the DTLS common API for base DTLS configuration.