Opened 12 years ago
Last modified 12 years ago
#19 new task
Use DTLS instead of TLS over SCTP
| Reported by: | Sebastien Decugis | Owned by: | Sebastien Decugis |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | framework | Version: | |
| Keywords: | | Cc: | dev@freediameter.net |
| Blocked By: | | Blocking: | #27, #29 |
Description
The current version implements TLS over SCTP as described in RFC 3436. However, this mechanism has serious limitations, as shown in draft-ietf-tsvwg-dtls-for-sctp-06. In the freeDiameter implementation, each pair of SCTP streams requires a separate thread to handle the TLS processing, which is a serious resource drain for anything more than a very small number of connections.
Therefore the RFC 3436 mechanism will be replaced by DTLS in a future version.
Change History (4)
comment:1 Changed 53 years ago by
Blocking: 27 added
comment:2 Changed 53 years ago by
Blocking: 29 added
comment:2 Changed 12 years ago by
It seems DTLS will soon be available in GNUTLS:
http://lists.gnu.org/archive/html/gnutls-devel/2011-03/msg00021.html
That is great and greatly reduces the amount of changes needed in the code :)
Since DTLS is not supported by GnuTLS, this change might require switching to another crypto library. CyaSSL might be a good choice, the main problem being its license.
(to check: FLOSS exception to the CyaSSL license here)