CoAP Security

DodaTech 1 min read

In this tutorial, you'll learn why a CoAP DTLS handshake fails and how to fix it. We cover key concepts, practical examples, and best practices to help you understand and apply this topic effectively.

The Problem

CoAP over DTLS (coaps://) connection fails during handshake.

Quick Fix

Wrong

```javascript
coap.request('coaps://localhost/temp')  // No certificate
```

DTLS handshake fails — certificate error or timeout.

Right

```javascript
const coap = require('coap')
const fs = require('fs')

// Server with DTLS
const options = {
  key: fs.readFileSync('./server-key.pem'),
  cert: fs.readFileSync('./server-cert.pem'),
  ca: fs.readFileSync('./ca-cert.pem'),
  requestCert: true,  // Mutual authentication: the client must present a certificate
  rejectUnauthorized: true  // Reject clients whose certificate does not chain to the CA
}

const server = coap.createServer({ type: 'udp6', dtls: options })

server.listen(5684, () => {
  console.log('CoAPS server on port 5684')
})

// Client with DTLS
const req = coap.request({
  hostname: 'localhost',
  port: 5684,
  pathname: '/temp',
  agent: new coap.Agent({
    type: 'udp6',
    dtls: {
      key: fs.readFileSync('./client-key.pem'),
      cert: fs.readFileSync('./client-cert.pem'),
      ca: fs.readFileSync('./ca-cert.pem')
    }
  })
})

// The request is only sent once end() is called
req.end()
```

DTLS handshake successful, secure CoAP communication established.
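
To tell a certificate error from a timeout, look at the DTLS records on the wire. The following is an added example, not code from the original page or from any CoAP library: it decodes the plaintext record and handshake headers of DTLS 1.2 and reports the alert that ended the handshake. The function names and sample datagrams are constructed for illustration; the message and alert codes are the standard TLS 1.2 values.

```javascript
// Added example: name the plaintext DTLS 1.2 records in captured UDP payloads.
const HANDSHAKE = { 1: 'client_hello', 2: 'server_hello', 3: 'hello_verify_request',
  11: 'certificate', 12: 'server_key_exchange', 13: 'certificate_request',
  14: 'server_hello_done', 15: 'certificate_verify', 16: 'client_key_exchange',
  20: 'finished' }
const ALERT = { 40: 'handshake_failure', 42: 'bad_certificate',
  43: 'unsupported_certificate', 44: 'certificate_revoked', 45: 'certificate_expired',
  46: 'certificate_unknown', 48: 'unknown_ca', 51: 'decrypt_error' }

// A datagram can carry several records. Record header (13 bytes):
// type(1) version(2) epoch(2) sequence(6) length(2).
function parseRecords (datagram) {
  const names = []
  let off = 0
  while (off + 13 <= datagram.length) {
    const type = datagram[off]
    const epoch = datagram.readUInt16BE(off + 3)
    const len = datagram.readUInt16BE(off + 11)
    const body = datagram.subarray(off + 13, off + 13 + len)
    if (body.length < len) break // truncated capture, stop here
    if (epoch > 0) names.push('encrypted') // ciphertext after ChangeCipherSpec
    else if (type === 20) names.push('change_cipher_spec')
    else if (type === 21 && len >= 2) names.push('alert:' + (ALERT[body[1]] || body[1]))
    else if (type === 22 && len >= 1) names.push(HANDSHAKE[body[0]] || 'handshake_' + body[0])
    else names.push('record_type_' + type)
    off += 13 + len
  }
  return names
}

// Report the alert that ended the handshake, or the last message seen before
// the capture went quiet (the timeout case).
function diagnose (datagrams) {
  const names = datagrams.flatMap(parseRecords)
  const alert = names.find(n => n.startsWith('alert:'))
  if (alert) return alert.slice('alert:'.length)
  if (names.includes('encrypted')) return 'reached encrypted epoch'
  return 'stalled after ' + (names[names.length - 1] || 'nothing')
}

// Constructed sample records (epoch 0, bodies cut down to their headers).
const rec = (type, seq, body) =>
  Buffer.from([type, 0xfe, 0xfd, 0, 0, 0, 0, 0, 0, 0, seq, 0, body.length, ...body])
const hs = msgType => [msgType, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] // 12-byte handshake header
const rejected = [rec(22, 0, hs(1)), rec(22, 0, hs(3)), rec(22, 1, hs(1)),
  Buffer.concat([rec(22, 1, hs(2)), rec(22, 2, hs(11)), rec(22, 3, hs(14))]),
  rec(21, 2, [2, 48])] // fatal alert, description 48
const silent = [rec(22, 0, hs(1)), rec(22, 1, hs(1))] // ClientHello retransmitted, no reply
console.log(diagnose(rejected), '|', diagnose(silent))
```

An `unknown_ca` result points at the trust store (the `ca` option), while a stall after `client_hello` points at the network path or a server that is not listening on 5684.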

Prevention

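DTLS (Datagram TLS) is the UDP version of TLS. CoAP over DTLS uses port 5684 and the coaps:// scheme. Self-signed certificates must be trusted by the peer, or verification must be disabled; disabling verification removes authentication of the peer, so keep it to test setups. DTLS 1.2 is the most common version. The DTLS handshake adds latency (3 round trips). For constrained devices, use raw public keys (RPK) instead of X.509 certificates.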

DodaTech engineers apply these same patterns across Doda Browser, DodaZIP, and Durga Antivirus Pro for production IoT reliability.

FAQ

What is DTLS?

Datagram Transport Layer Security — TLS over UDP. Provides encryption, authentication, and integrity for CoAP messages.

Does DTLS work on constrained devices?

Yes, but the DTLS handshake is CPU-intensive. Use session resumption for faster reconnects. RPK (Raw Public Key) reduces certificate size.

What port does CoAP use with DTLS?

5684 (IANA assigned). The URI scheme is coaps://. Port 5683 is for plain CoAP (coap://).
