UDP TLS Termination

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

UDP TLS Termination

Joergi
Hi guys,

We are interested in UDP TLS Termination, any updates about this feature? I
think I saw such topic on forum few moths ago, but I'm unable to find it
now.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,273251,273251#msg-273251

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: UDP TLS Termination

Vladimir Homutov
On Tue, Mar 28, 2017 at 05:18:54AM -0400, freel wrote:
> Hi guys,
>
> We are interested in UDP TLS Termination, any updates about this feature? I
> think I saw such topic on forum few moths ago, but I'm unable to find it
> now.
>

Can you please describe your use-case?
Which applications do you use, why do you need it, etc.

Please note that if we are speaking about DTLS, terminating it will
mean converting datagrams into stream, and I'm not sure why anyone
that has application working with stream (i.e. TCP) will want to
use DTLS at some point to access it instead of normal DTLS.


_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: UDP TLS Termination

Vladimir Homutov
On Tue, Mar 28, 2017 at 12:25:35PM +0300, Vladimir Homutov wrote:
> instead of normal DTLS.

i meant SSL (TLS)  of course.
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: UDP TLS Termination

Joergi
Vladimir Homutov Wrote:
-------------------------------------------------------
> On Tue, Mar 28, 2017 at 12:25:35PM +0300, Vladimir Homutov wrote:
> > instead of normal DTLS.
>
> i meant SSL (TLS)  of course.
> _______________________________________________
> nginx mailing list
> [hidden email]
> http://mailman.nginx.org/mailman/listinfo/nginx

Hi,

I stumbled across this thread in search of answers to my own question
regarding the combination of nginx + DTLS. Since you didn't receive an
answer to your question, Vladimir, here's a use case I am currently working
on: I have an IoT use case using CoAP for client-server-communication. CoAP
in turn uses DTLS for securing its data. All server applications are working
behind an nginx web server. Right now for the DTLS communication nginx is
justed proxiing the udp packets from the client to the server. When using a
PKI instead of a, let's say PSK ciphersuite, I too would think that it would
be be helpful to centralize all TLS specifics e.g. certificate management
within the nginx web server. You should then be able to pass the unencrypted
datagrams to the CoAP server.

Regards,
Sebastian

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,273251,273571#msg-273571

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Loading...