DTLS encryption

Warning: Secure connections using DTLS are only available with Unity Editor versions 2020.3 (starting at 2020.3.34), 2022.1, and above.

Relay supports DTLS encryption of all UDP communication to and from the Relay servers. DTLS encryption doesn't change the authentication flow apart from adding an extra step for increased security.

The client must configure its DTLS library to use the key it received from the Allocations service as the pre-shared key (PSK) value. The PSK used for DTLS encryption is the same key provided by the Allocations service for HMAC authentication.

When initiating a DTLS session with the Relay server, the client must set the PSK hint for the DTLS handshake to the canonical string representation of the allocation ID. After the handshake, the Relay message protocol is fully encapsulated by DTLS. The Relay operations and messages are the same with or without DTLS. Check out Enable DTLS encryption for an example.
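
The PSK inputs described above, worked through in Python as an added example (not Unity's code), including the plain-PSK encodings from RFC 4279 that a DTLS library derives from them. It assumes the Allocations response supplies the allocation ID as a UUID string and the key base64-encoded, that "canonical" means the lowercase hyphenated UUID form, and that the string travels in the RFC 4279 `psk_identity` field; the function names and sample values are constructed.

```python
import base64
import struct
import uuid

# Constructed sample values, not real allocation data.
SAMPLE_ALLOCATION_ID = "3F2504E0-4F89-11D3-9A0C-0305E82C3301"
SAMPLE_KEY_B64 = base64.b64encode(bytes(range(32))).decode("ascii")


def relay_psk_params(allocation_id: str, key_b64: str) -> tuple[bytes, bytes]:
    """Return (identity, psk) to hand to the DTLS library.

    uuid.UUID() rejects malformed IDs and str() normalises case and
    hyphenation, so both peers see the same byte string (assumed canonical form).
    """
    identity = str(uuid.UUID(allocation_id)).encode("ascii")
    # validate=True refuses stray characters instead of silently skipping them.
    psk = base64.b64decode(key_b64, validate=True)
    if not psk:
        raise ValueError("allocation key decodes to an empty PSK")
    return identity, psk


def client_key_exchange_body(identity: bytes) -> bytes:
    """RFC 4279 section 2: opaque psk_identity<0..2^16-1>."""
    if len(identity) > 0xFFFF:
        raise ValueError("PSK identity too long")
    return struct.pack("!H", len(identity)) + identity


def psk_premaster_secret(psk: bytes) -> bytes:
    """RFC 4279 section 2, plain PSK: uint16 N, N zero octets, uint16 N, PSK."""
    n = struct.pack("!H", len(psk))
    return n + bytes(len(psk)) + n + psk


if __name__ == "__main__":
    ident, key = relay_psk_params(SAMPLE_ALLOCATION_ID, SAMPLE_KEY_B64)
    print("identity:", ident.decode())
    print("ClientKeyExchange body:", client_key_exchange_body(ident).hex())
    # The PSK is also the HMAC key, so print only its length, never the bytes.
    print("PSK length:", len(key), "premaster length:", len(psk_premaster_secret(key)))
```
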

Note: Enabling DTLS encryption only enables encryption of messages. Other Relay behavior, such as timeouts, remains the same.