TLS over multi-stream SCTP, a wrapper...

Nikos Mavrogiannopoulos nmav at gnutls.org
Sun Aug 17 00:37:08 CEST 2008


Sebastien Decugis wrote:
> Hello,
> 
> Following a design idea from Nikos Mavrogiannopoulos (thanks again), I
> have written a wrapper around the GNU TLS library to achieve TLS
> protection over a multi-stream SCTP connection.
> 
> The basic idea is to replace the transport functions used by gnutls for
> transport, and use an object to aggregate all the sessions and other
> data. One thread is receiving data from the socket, and queueing this
> data in per-stream FIFO lists (demultiplexing step). Then the gnutls
> "pull" function will pick data from the appropriate FIFO list, and
> actually decrypt this data. This is done by a separate thread (one per
> stream). The decrypted data is queued in another FIFO list, from which
> the user can retrieve the received data. See the header file and the
> comments at the top of the files for more information.
> 
> I know this wrapper is not very performant at session initiation because
> it does a full handshake on each pair of stream, and does not
> parallelize this process. This can be easily improved, but makes it more
> complex to debug.

A quick improvement would be to use session resuming after the 1st
session is established. Thus the handshake afterwards would be much faster.

regards,
Nikos
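The demultiplexing step described in the quoted message (one receiver pulls chunks off the SCTP socket and queues them per stream; a gnutls "pull" callback then drains the FIFO of its own stream) can be sketched without the library itself. The following is an added example, not code from Sebastien's wrapper or from GnuTLS: the SCTP socket and the TLS session are simulated, the chunks are constructed inline, and `stream_pull` only mirrors the shape of `gnutls_pull_func` (`ssize_t (*)(gnutls_transport_ptr_t, void *, size_t)`) so it could be registered with `gnutls_transport_set_pull_function` and a per-stream pointer from `gnutls_transport_set_ptr`. It is single-threaded; the per-stream reader threads of the wrapper would need a lock around each FIFO. The two behaviours a practitioner has to get right are shown: returning fewer bytes than requested (gnutls calls again), and reporting "no data yet" as -1/EAGAIN rather than 0, which gnutls would take as the peer closing the connection.

```c
/* Added example: per-stream demultiplexing of SCTP-style chunks into
 * FIFOs, plus a pull callback shaped like gnutls_pull_func.
 * Socket, session and chunks are simulated; nothing here is GnuTLS code. */
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

#define MAX_STREAMS 4

typedef struct chunk {
    size_t len, off;            /* total length, bytes already consumed */
    unsigned char *data;
    struct chunk *next;
} chunk_t;

typedef struct {
    chunk_t *head, *tail;       /* per-stream FIFO (unlocked: single-threaded demo) */
} fifo_t;

typedef struct {
    fifo_t streams[MAX_STREAMS];
} sctp_demux_t;

/* What the wrapper would hand to gnutls_transport_set_ptr(): which FIFO to read. */
typedef struct {
    sctp_demux_t *demux;
    int stream_id;
} stream_ptr_t;

/* Receiver side: one chunk read from the socket, tagged with its SCTP stream
 * id (hypothetically from sctp_recvmsg's sinfo_stream), goes on that FIFO. */
int demux_enqueue(sctp_demux_t *d, int stream_id, const unsigned char *buf, size_t len) {
    if (stream_id < 0 || stream_id >= MAX_STREAMS) return -1;
    chunk_t *c = malloc(sizeof *c);
    if (!c) return -1;
    c->data = malloc(len);
    if (!c->data) { free(c); return -1; }
    memcpy(c->data, buf, len);
    c->len = len; c->off = 0; c->next = NULL;
    fifo_t *f = &d->streams[stream_id];
    if (f->tail) f->tail->next = c; else f->head = c;
    f->tail = c;
    return 0;
}

/* Pull callback with the gnutls_pull_func signature. Returns up to `want`
 * bytes from this stream's FIFO (possibly fewer; gnutls will call again),
 * or -1 with errno=EAGAIN when the FIFO is empty so the caller sees
 * GNUTLS_E_AGAIN instead of a premature "connection closed". */
ssize_t stream_pull(void *ptr, void *out, size_t want) {
    stream_ptr_t *sp = ptr;
    fifo_t *f = &sp->demux->streams[sp->stream_id];
    size_t got = 0;
    while (got < want && f->head) {
        chunk_t *c = f->head;
        size_t n = c->len - c->off;
        if (n > want - got) n = want - got;
        memcpy((unsigned char *)out + got, c->data + c->off, n);
        c->off += n; got += n;
        if (c->off == c->len) {          /* chunk fully consumed: drop it */
            f->head = c->next;
            if (!f->head) f->tail = NULL;
            free(c->data); free(c);
        }
    }
    if (got == 0) { errno = EAGAIN; return -1; }
    return (ssize_t)got;
}

/* Constructed scenario: chunks for streams 0 and 1 arrive interleaved on the
 * socket; each stream's reader must see only its own bytes, in order.
 * Returns 1 when every expectation holds, 0 otherwise. */
int demo_interleaved(void) {
    sctp_demux_t d; memset(&d, 0, sizeof d);
    demux_enqueue(&d, 0, (const unsigned char *)"AAAA", 4);
    demux_enqueue(&d, 1, (const unsigned char *)"hel", 3);
    demux_enqueue(&d, 0, (const unsigned char *)"BB", 2);
    demux_enqueue(&d, 1, (const unsigned char *)"lo", 2);

    stream_ptr_t sp1 = { &d, 1 }, sp0 = { &d, 0 };
    unsigned char b1[8] = {0}, b0[8] = {0};
    ssize_t n1 = stream_pull(&sp1, b1, 2);       /* short read: "he" */
    ssize_t n2 = stream_pull(&sp1, b1 + 2, 6);   /* "llo", spanning two chunks */
    ssize_t n3 = stream_pull(&sp1, b1, 8);       /* FIFO empty: -1, EAGAIN */
    int again = (n3 == -1 && errno == EAGAIN);
    ssize_t n0 = stream_pull(&sp0, b0, 8);       /* stream 0 untouched so far */

    return n1 == 2 && n2 == 3 && again && memcmp(b1, "hello", 5) == 0
        && n0 == 6 && memcmp(b0, "AAAABB", 6) == 0;
}
```

The same FIFO could back the push direction in reverse (each stream's `gnutls_push_func` wrapping `sctp_sendmsg` with its stream id), and a separate FIFO per stream for the decrypted output, as the quoted message describes.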