diff --git a/include/net/net_ip.h b/include/net/net_ip.h
index c18c04594c7..bc27fa19a68 100644
--- a/include/net/net_ip.h
+++ b/include/net/net_ip.h
@@ -59,6 +59,8 @@ enum net_ip_protocol_secure {
 IPPROTO_TLS_1_0 = 256,
 IPPROTO_TLS_1_1 = 257,
 IPPROTO_TLS_1_2 = 258,
+ IPPROTO_DTLS_1_0 = 272,
+ IPPROTO_DTLS_1_2 = 273,
 };
 /** Socket type */
diff --git a/subsys/net/lib/sockets/Kconfig b/subsys/net/lib/sockets/Kconfig
index 844d21509fb..b2b9eac081e 100644
--- a/subsys/net/lib/sockets/Kconfig
+++ b/subsys/net/lib/sockets/Kconfig
@@ -36,6 +36,13 @@ config NET_SOCKETS_SOCKOPT_TLS
 Enable TLS socket option support which automatically establishes a TLS connection to the remote host.
+config NET_SOCKETS_ENABLE_DTLS
+ bool "Enable DTLS socket support [EXPERIMENTAL]"
+ depends on NET_SOCKETS_SOCKOPT_TLS
+ select TLS_DTLS
+ help
+ Enable DTLS socket support. By default only TLS over TCP is supported.
+
 config NET_SOCKETS_TLS_MAX_CONTEXTS
 int "Maximum number of TLS/DTLS contexts"
 default 1
diff --git a/subsys/net/lib/sockets/sockets_tls.c b/subsys/net/lib/sockets/sockets_tls.c
index e549c474ad4..69dae127d5f 100644
--- a/subsys/net/lib/sockets/sockets_tls.c
+++ b/subsys/net/lib/sockets/sockets_tls.c
@@ -738,15 +738,14 @@ int ztls_socket(int family, int type, int proto)
 enum net_ip_protocol_secure tls_proto = 0;
 int sock, ret, err;
- if (proto >= IPPROTO_TLS_1_0 && proto <= IPPROTO_TLS_1_2) {
- /* Currently DTLS is not supported,
- * so do not allow to create datagram socket
- */
+ if ((proto >= IPPROTO_TLS_1_0 && proto <= IPPROTO_TLS_1_2) ||
+ (proto >= IPPROTO_DTLS_1_0 && proto <= IPPROTO_DTLS_1_2)) {
+#if !defined(CONFIG_NET_SOCKETS_ENABLE_DTLS)
 if (type == SOCK_DGRAM) {
 errno = ENOTSUP;
 return -1;
 }
-
+#endif
 tls_proto = proto;
 proto = (type == SOCK_STREAM) ? IPPROTO_TCP : IPPROTO_UDP;
 }
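Review bot: `IPPROTO_DTLS_1_0` in include/net/net_ip.h exposes DTLS 1.0, which RFC 8996 deprecates together with TLS 1.0 and 1.1, and the two new enumerators carry no comment telling a caller which one to request. Whether `tls_proto` is later used to pin the negotiated version is not visible in this commit, so I would at least document the values, for example `/* DTLS 1.0 is deprecated (RFC 8996); new code should request IPPROTO_DTLS_1_2 */` above the first one. A short remark that the DTLS values are meant for SOCK_DGRAM sockets would also help readers of the enum.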
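Review bot: The help text of `NET_SOCKETS_ENABLE_DTLS` in subsys/net/lib/sockets/Kconfig does not say what happens when the option is left off. Going by the sockets_tls.c hunk of this commit, creating a SOCK_DGRAM socket with a TLS or DTLS protocol then fails with ENOTSUP; I would add that to the help, e.g. `When disabled, creating a SOCK_DGRAM socket with a TLS/DTLS protocol fails with ENOTSUP.`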
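Review bot: The widened condition in ztls_socket() (subsys/net/lib/sockets/sockets_tls.c) accepts every pairing of socket type and secure protocol, so the transport and the requested protocol can disagree. With the DTLS option off, SOCK_STREAM plus `IPPROTO_DTLS_1_2` still passes the ENOTSUP guard and yields a TCP socket whose `tls_proto` is a DTLS value; with it on, SOCK_DGRAM plus `IPPROTO_TLS_1_2` yields a UDP socket, and any type other than SOCK_STREAM is mapped to IPPROTO_UDP. How the rest of the function treats such a context is outside the hunk, so I would reject mismatches up front rather than rely on a later failure, as sketched below. Using `IS_ENABLED()` instead of `#if` keeps both branches compiled; the function body starts before and continues after this hunk.

```c
	bool is_tls = proto >= IPPROTO_TLS_1_0 && proto <= IPPROTO_TLS_1_2;
	bool is_dtls = proto >= IPPROTO_DTLS_1_0 && proto <= IPPROTO_DTLS_1_2;

	if (is_tls || is_dtls) {
		/* TLS needs a stream socket, DTLS a datagram socket */
		if ((is_tls && type != SOCK_STREAM) ||
		    (is_dtls && type != SOCK_DGRAM)) {
			errno = EPROTOTYPE;
			return -1;
		}

		if (is_dtls && !IS_ENABLED(CONFIG_NET_SOCKETS_ENABLE_DTLS)) {
			errno = ENOTSUP;
			return -1;
		}

		/* … unchanged: tls_proto = proto; map proto to IPPROTO_TCP or IPPROTO_UDP … */
	}
```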