On Tue, Mar 28, 2017 at 05:18:54AM -0400, freel wrote:
> Hi guys,
> We are interested in UDP TLS Termination, any updates about this feature? I
> think I saw such topic on forum few moths ago, but I'm unable to find it
Can you please describe your use-case?
Which applications do you use, why do you need it, etc.
Please note that if we are speaking about DTLS, terminating it will
mean converting datagrams into stream, and I'm not sure why anyone
that has application working with stream (i.e. TCP) will want to
use DTLS at some point to access it instead of normal DTLS.
Vladimir Homutov Wrote:
> On Tue, Mar 28, 2017 at 12:25:35PM +0300, Vladimir Homutov wrote:
> > instead of normal DTLS.
> i meant SSL (TLS) of course.
> nginx mailing list
> [hidden email] > http://mailman.nginx.org/mailman/listinfo/nginx
I stumbled across this thread in search of answers to my own question
regarding the combination of nginx + DTLS. Since you didn't receive an
answer to your question, Vladimir, here's a use case I am currently working
on: I have an IoT use case using CoAP for client-server-communication. CoAP
in turn uses DTLS for securing its data. All server applications are working
behind an nginx web server. Right now for the DTLS communication nginx is
justed proxiing the udp packets from the client to the server. When using a
PKI instead of a, let's say PSK ciphersuite, I too would think that it would
be be helpful to centralize all TLS specifics e.g. certificate management
within the nginx web server. You should then be able to pass the unencrypted
datagrams to the CoAP server.