I've found the following facts about the libraries and DTLS.

我发现了有关库和 DTLS 的以下事实。

1. There is another lib with DTLS support - CyaSSL, but it supports DTLS only in test mode for now.

2. Although RFC 4347 dates from Apr, 2006, the OpenSSL supports DTLS since 2005 (v0.9.8). Many Linux distribs include this version. OpenSSL API looks ugly a little, but it seems like DTLS implementation is stable.

3. GnuTls supports DTLS since 2011 (v3.0.0). Looks like no Linux includes this version yet. (For example, Ubuntu 11.04 uses v2.8.6, Ubuntu 11.10 is going to use v2.10.5, not v3.0.0.) There is no information about when v3.0 will be used. It can be built manually, however it depends on too many additional libraries which may have no native support in some distribs.

4. It looks like all of these libraries can be used on other platforms (e.g. Windows).

5. Known OpenSSL issue: OpenSSL has compression enabled by default for DTLS, but it shouldn't be. OpenSSL v0.9.8 API doesn't provide any method to disable compression. The method should be implemented manually.

1. 还有另一个支持 DTLS 的库 - CyaSSL，但它目前仅在测试模式下支持 DTLS。

2. 尽管 RFC 4347 的日期是 2006 年 4 月，但 OpenSSL 自 2005 年（v0.9.8）就支持 DTLS。许多 Linux 发行版都包含此版本。OpenSSL API 看起来有点难看，但看起来 DTLS 实现是稳定的。

3. GnuTls 从 2011 (v3.0.0) 开始支持 DTLS。看起来还没有 Linux 包含这个版本。（例如，Ubuntu 11.04 使用 v2.8.6，Ubuntu 11.10 将使用 v2.10.5，而不是 v3.0.0。）没有关于何时使用 v3.0 的信息。它可以手动构建，但是它依赖于太多额外的库，这些库在某些发行版中可能没有本机支持。

4. 看起来所有这些库都可以在其他平台（例如 Windows）上使用。

5. 已知的 OpenSSL 问题：默认情况下，OpenSSL 已为 DTLS 启用压缩，但不应如此。OpenSSL v0.9.8 API 不提供任何禁用压缩的方法。该方法应手动实施。

SUMMARY:

概括：

Speaking about usability, personally I would prefer GnuTls API, but at the time OpenSSL looks more preferable to use.

谈到可用性，我个人更喜欢 GnuTls API，但当时 OpenSSL 看起来更可取。

IPsec is the oldest and hence most compatible and stable, but requires tasks from the sysadmin and can be quite challenging for novices. DTLS is tackling the problem from the application side which the programmer can significantly simplify and integrate with existing environments with less change.

IPsec 是最古老的，因此也是最兼容和最稳定的，但需要系统管理员的任务，对于新手来说可能非常具有挑战性。DTLS 正在从应用程序端解决问题，程序员可以显着简化并与现有环境集成，而更改较少。

The choice between OpenSSL and GnuTLS is almost always due to license.

OpenSSL 和 GnuTLS 之间的选择几乎总是由于许可证。

OpenSSL license includes an advertising clause:

OpenSSL 许可证包括一个广告条款：

3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

3. 所有提及此 * 软件的功能或使用的广告材料必须显示以下确认： * “此产品包括由 OpenSSL 项目开发的软件 * 用于 OpenSSL 工具包。（http://www.openssl.org/） ”

GnuTLS from Wikipedia:

来自维基百科的 GnuTLS：

GnuTLS was initially created to allow applications of the GNU project to use secure protocols such as TLS. Although OpenSSL already existed, OpenSSL's license is not compatible with the GPL;[4] thus software under the GPL, such as GNU software, could not use OpenSSL without making a GPL linking exception.

GnuTLS 最初的创建是为了允许 GNU 项目的应用程序使用安全协议，例如 TLS。尽管 OpenSSL 已经存在，但 OpenSSL 的许可证与 GPL 不兼容；[4] 因此 GPL 下的软件，例如 GNU 软件，如果不设置 GPL 链接例外，就无法使用 OpenSSL。

http://en.wikipedia.org/wiki/GnuTLS

http://en.wikipedia.org/wiki/GnuTLS