Opened 12 years ago
Last modified 11 years ago
#19 new task
Use DTLS instead of TLS over SCTP
| Reported by: | Sebastien Decugis | Owned by: | Sebastien Decugis |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | framework | Version: | |
| Keywords: | Cc: | dev@freediameter.net | |
| Blocked By: | Blocking: | #27, #29 |
Description
The current version implements TLS over SCTP as described in RFC3436. However, this mechanism has serious limitations, as shown in draft-ietf-tsvwg-dtls-for-sctp-06. In freeDiameter implementation, each SCTP pair of stream requires a different thread to handle the TLS processing -- which is totally resource killing for more that very few connections.
Therefore the RFC3436 mechanism will be replaced by DTLS in a future version.
Change History (4)
comment:1 Changed 52 years ago by
| Blocking: | 27 added |
|---|
comment:2 Changed 52 years ago by
| Blocking: | 29 added |
|---|
comment:2 Changed 11 years ago by
It seems DTLS will soon be available in GNUTLS:
http://lists.gnu.org/archive/html/gnutls-devel/2011-03/msg00021.html
That is great and highly reduces the amount of changes needed in the code :)
Note: See
TracTickets for help on using
tickets.
Since DTLS is not supported by GnuTLS, this change might require to switch to another crypto library. CyaSSL might be a good choice, the main problem being its license.
(to check: FLOSS exception to the CyaSSL license here)