aiocoap.transports.tinydtls module

This module implements a MessageInterface that handles coaps:// using a wrapped tinydtls library.

This currently only implements the client side. To have a test server, run:

$ git clone --recursive
$ cd libcoap
$ ./
$ ./configure --with-tinydtls --disable-shared --disable-documentation
$ make
$ ./examples/coap-server -k secretPSK

(Using TinyDTLS in libcoap is important; with the default OpenSSL build, I’ve seen DTLS1.0 responses to DTLS1.3 requests, which are hard to debug.)

The test server with its built-in credentials can then be accessed using:

$ echo '{"coaps://localhost/*": {"dtls": {"psk": {"ascii": "secretPSK"}, "client-identity": {"ascii": "client_Identity"}}}}' > testserver.json
$ ./aiocoap-client coaps://localhost --credentials testserver.json

While it is planned to allow more programmatical construction of the credentials store, the currently recommended way of storing DTLS credentials is to load a structured data object into the client_credentials store of the context:

>>> c = await aiocoap.Context.create_client_context()          # doctest: +SKIP
>>> c.client_credentials.load_from_dict(
...     {'coaps://localhost/*': {'dtls': {
...         'psk': b'secretPSK',
...         'client-identity': b'client_Identity',
...         }}})                                               # doctest: +SKIP

where, compared to the JSON example above, byte strings can be used directly rather than expressing them as ‘ascii’/’hex’ ({‘hex’: ‘30383135’} style works as well) to work around JSON’s limitation of not having raw binary strings.

Bear in mind that the aiocoap CoAPS support is highly experimental; for example, while requests to this server do complete, error messages are still shown during client shutdown.

exception aiocoap.transports.tinydtls.CloseNotifyReceived

Bases: Exception

The DTLS connection a request was sent on raised was closed by the server while the request was being processed

exception aiocoap.transports.tinydtls.FatalDTLSError

Bases: Exception

The DTLS connection a request was sent on raised a fatal error while the request was being processed

class aiocoap.transports.tinydtls.DTLSClientConnection(host, port, pskId, psk, coaptransport)

Bases: aiocoap.interfaces.EndpointAddress

is_multicast = False
is_multicast_locally = False
scheme = 'coaps'

The authority component of URIs that this endpoint represents when requests are sent from it.

As with hostinfo, this does not necessarily produce sufficient input for a URI; use uri_local instead.


A hashable (ideally, immutable) value that is only the same for remotes from which blocks may be combined. (With all current transports that means that the network addresses need to be in there, and the identity of the security context).

It does not just hinge on the identity of the address object, as a first block may come in an OSCORE group request and follow-ups may come in pairwise requests. (And there might be allowed relaxations on the transport under OSCORE, but that’d need further discussion).

hostinfo = None
class SingleConnection(parent)

Bases: object

classmethod factory(parent)
parent = None


datagram_received(data, addr)
class aiocoap.transports.tinydtls.MessageInterfaceTinyDTLS(ctx: aiocoap.interfaces.MessageManager, log, loop)

Bases: aiocoap.interfaces.MessageInterface

classmethod create_client_transport_endpoint(ctx: aiocoap.interfaces.MessageManager, log, loop)

Return a value suitable for the message’s remote property based on its .opt.uri_host or .unresolved_remote.

May return None, which indicates that the MessageInterface can not transport the message (typically because it is of the wrong scheme).


Deactivate the complete transport, usually irrevertably. When the coroutine returns, the object must have made sure that it can be destructed by means of ref-counting or a garbage collector run.


Send a given Message object