Opened 12 years ago

Last modified 11 years ago

#19 new task

Use DTLS instead of TLS over SCTP

Reported by: Sebastien Decugis
Owned by: Sebastien Decugis
Priority: major
Milestone: (none)
Component: framework
Version: (none)
Keywords: (none)
Cc: dev@freediameter.net
Blocked By: (none)
Blocking: #27, #29

Description

The current version implements TLS over SCTP as described in RFC3436. However, this mechanism has serious limitations, as shown in draft-ietf-tsvwg-dtls-for-sctp-06. In the freeDiameter implementation, each pair of SCTP streams requires a separate thread to handle the TLS processing -- which is totally resource killing for more than very few connections.

Therefore the RFC3436 mechanism will be replaced by DTLS in a future version.

Change History (4)

comment:1 Changed 52 years ago by Sebastien Decugis

Blocking: 27 added

comment:2 Changed 52 years ago by Administrator

Blocking: 29 added

comment:1 Changed 12 years ago by Sebastien Decugis

Since DTLS is not supported by GnuTLS, this change might require switching to another crypto library. CyaSSL might be a good choice, the main problem being its license.

(to check: FLOSS exception to the CyaSSL license here)

Last edited 12 years ago by Sebastien Decugis (previous) (diff)

comment:2 Changed 11 years ago by Administrator

It seems DTLS will soon be available in GNUTLS:
http://lists.gnu.org/archive/html/gnutls-devel/2011-03/msg00021.html

That is great and greatly reduces the amount of changes needed in the code :)
