Reg, TLS over SCTP (SOCK_SEQPACKET)


sanjaya joshi
Hello,
I understand that when implementing TLS over SCTP, if the socket is opened with SOCK_STREAM (one-to-one connection), then the normal openssl calls (SSL_accept, SSL_connect) can be used for TLS handshakes in a client/server program.

But these calls don't work when SOCK_SEQPACKET (one-to-many connections) is used. Does openssl provide any alternatives for these calls? Or does an application need to perform the TLS handshakes manually?

Also, does openssl have any sample program for TLS over SCTP with SOCK_SEQPACKET?

Would appreciate a quick reply. Thanks in advance.
Regards,
Sanjaya

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: Reg, TLS over SCTP (SOCK_SEQPACKET)

Salz, Rich
> But these calls don't work when SOCK_SEQPACKET (one-to-many connections) is used. Does openssl provide any alternatives for these calls? Or does an application need to perform the TLS handshakes manually?

This is not supported, and there are no demos available.

Re: Reg, TLS over SCTP (SOCK_SEQPACKET)

sanjaya joshi
Hi,
Thank you Salz Rich for the confirmation.
So, can an application perform manual TLS handshakes when SOCK_SEQPACKET is used?

Regards,
Sanjaya

On Tue, Feb 28, 2017 at 7:03 PM, Salz, Rich <[hidden email]> wrote:
> > But these calls don't work when SOCK_SEQPACKET (one-to-many connections) is used. Does openssl provide any alternatives for these calls? Or does an application need to perform the TLS handshakes manually?
>
> This is not supported, and there are no demos available.

Re: Reg, TLS over SCTP (SOCK_SEQPACKET)

Salz, Rich
> So, can an application perform manual TLS handshakes when SOCK_SEQPACKET is used?

I said it is not supported by openssl.

I doubt it can be made to work, since TLS handshake wants one client and one server.

Re: Reg, TLS over SCTP (SOCK_SEQPACKET)

Michael Tuexen-4
> On 1 Mar 2017, at 06:34, Sanjaya Joshi <[hidden email]> wrote:
>
> Hi,
> Thank you Salz Rich for the confirmation.
> So, can an application perform manual TLS handshakes when SOCK_SEQPACKET is used?
I think the SOCK_SEQPACKET model doesn't fit well to the way the openssl code is laid out.
They basically want a one-to-one relation between a bio (for example a socket bio) and
a TLS connection. So there is no muxing/demuxing ongoing.

I'm wondering why you are sticking to the 1-to-many style sockets and why you are not
considering DTLS over SCTP instead of TLS over SCTP. DTLS over SCTP using one-to-one
style sockets (SOCK_STREAM) is supported by OpenSSL on Linux and FreeBSD.

Best regards
Michael

>
> Regards,
> Sanjaya
>
> On Tue, Feb 28, 2017 at 7:03 PM, Salz, Rich <[hidden email]> wrote:
> > But these calls don't work when SOCK_SEQPACKET (one-to-many connections) is used. Does openssl provide any alternatives for these calls? Or does an application need to perform the TLS handshakes manually?
>
> This is not supported, and there are no demos available.
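
The muxing/demuxing step mentioned in the reply above, as an added example that is not part of the thread and not OpenSSL code: on a one-to-many socket, messages from every association arrive on one descriptor, so something must sort them into per-peer streams before any one-peer-per-object TLS state could consume them. The struct and function names are hypothetical, the messages are constructed, and no SCTP or OpenSSL calls are made.

```c
#include <stdio.h>
#include <string.h>
#define MAX_PEERS 4
#define BUF_SZ    64

/* One message as a one-to-many socket delivers it: the payload plus the
 * association it arrived on (constructed sample data, not real records). */
struct msg { int assoc_id; const char *data; };
/* Per-association state: the single-peer stream a TLS connection expects. */
struct peer { int assoc_id; char stream[BUF_SZ]; size_t len; };
struct demux { struct peer peers[MAX_PEERS]; int count; };

/* Find the state for assoc_id, creating it on first sight; NULL if full. */
static struct peer *demux_lookup(struct demux *d, int assoc_id)
{
    for (int i = 0; i < d->count; i++)
        if (d->peers[i].assoc_id == assoc_id)
            return &d->peers[i];
    if (d->count == MAX_PEERS)
        return NULL;
    struct peer *p = &d->peers[d->count++];
    memset(p, 0, sizeof(*p));   /* zeroed buffer keeps stream NUL-terminated */
    p->assoc_id = assoc_id;
    return p;
}

/* Append one message to its peer's stream; -1 if it cannot be stored. */
static int demux_feed(struct demux *d, const struct msg *m)
{
    struct peer *p = demux_lookup(d, m->assoc_id);
    size_t n = strlen(m->data);
    if (p == NULL || p->len + n >= BUF_SZ)
        return -1;
    memcpy(p->stream + p->len, m->data, n);
    p->len += n;
    return 0;
}

int main(void)
{
    /* Constructed arrival order: the handshakes of two peers interleaved. */
    const struct msg rx[] = { {7, "ClientHello-A|"}, {9, "ClientHello-B|"},
                              {7, "Finished-A"},     {9, "Finished-B"} };
    struct demux d = { .count = 0 };
    for (size_t i = 0; i < sizeof(rx) / sizeof(rx[0]); i++)
        demux_feed(&d, &rx[i]);
    for (int i = 0; i < d.count; i++)
        printf("assoc %d -> %s\n", d.peers[i].assoc_id, d.peers[i].stream);
    return 0;
}
```

With one-to-one style sockets this table disappears, because each association has its own descriptor and therefore its own BIO.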

Re: Reg, TLS over SCTP (SOCK_SEQPACKET)

sanjaya joshi
Hi,
Thanks for the pointers. We will consider that option.

Regards,
Sanjaya

On Wed, Mar 1, 2017 at 6:59 PM, Michael Tuexen <[hidden email]> wrote:
> > On 1 Mar 2017, at 06:34, Sanjaya Joshi <[hidden email]> wrote:
> >
> > Hi,
> > Thank you Salz Rich for the confirmation.
> > So, can an application perform manual TLS handshakes when SOCK_SEQPACKET is used?
> I think the SOCK_SEQPACKET model doesn't fit well to the way the openssl code is laid out.
> They basically want a one-to-one relation between a bio (for example a socket bio) and
> a TLS connection. So there is no muxing/demuxing ongoing.
>
> I'm wondering why you are sticking to the 1-to-many style sockets and why you are not
> considering DTLS over SCTP instead of TLS over SCTP. DTLS over SCTP using one-to-one
> style sockets (SOCK_STREAM) is supported by OpenSSL on Linux and FreeBSD.
>
> Best regards
> Michael
> >
> > Regards,
> > Sanjaya
> >
> > On Tue, Feb 28, 2017 at 7:03 PM, Salz, Rich <[hidden email]> wrote:
> > > But these calls don't work when SOCK_SEQPACKET (one-to-many connections) is used. Does openssl provide any alternatives for these calls? Or does an application need to perform the TLS handshakes manually?
> >
> > This is not supported, and there are no demos available.