On Jun 30, 2010, at 1:03 PM, Byron Campen wrote:

> I am looking into the possibility of using openssl on an sctp
> association (for SIP, specifically), and the standardized way of doing it is
> non-trivial (although not terribly complex; I call it non-trivial because it
> is doing something other than "one stream, ordered delivery" sctp. It would
> seem that openssl would treat this just like a TCP connection, barring MTU
> problems?) I suppose DTLS might be an option too, but this has not been
> standardized yet. So what's the SCTP story at openssl right now?

Hi Byron,

implementing TLS/SCTP in OpenSSL is not an easy thing due to some architectural problems. On the other hand, TLS/SCTP does not scale well and does not support all protocol features SCTP supports. It was developed under the constraint that no changes to TLS could be made and no changes to SCTP could be made. To my knowledge, it hasn't been implemented.

In my opinion DTLS/SCTP is the way to go. It supports all features SCTP provides, does scale and is implementable in OpenSSL. You can find a patch for OpenSSL 1.0.0 at http://sctp.fh-muenster.de which implements DTLS/SCTP. We have put the patch in the request tracker and it is up to the OpenSSL team to accept the patch or not.

From a standardisation point of view you are right. It is not an RFC right now. But in TSVWG it passed the working group last call and the IETF last call is also over. We have not received any non-editorial questions. So I hope that the IESG will make a decision soon.

Please let me know if you have further questions.

Best regards
Michael

>
> Best regards,
> Byron Campen