author | Anders Svensson <anders@erlang.org> | 2011-10-02 12:09:34 +0200 |
---|---|---|
committer | Anders Svensson <anders@erlang.org> | 2011-10-06 16:29:46 +0200 |
commit | 68c94d9b8db4773259c323cd428cf4bf20931869 (patch) | |
tree | 9e453adb6a243ed59d31688e25d61d28d8e1a769 | |
parent | 804d96e755a65a17cfe0d67698b834bdda11afe5 (diff) | |
Close transport if tls is requested over sctp
RFC 3588 requires that a Diameter server support TLS but in
practice this seems to mean TLS over SCTP since there are limitations
with running over SCTP: see RFC 6083 (DTLS over SCTP), which is a
response to RFC 3436 (TLS over SCTP). The current RFC 3588 draft
acknowledges this by equating the Inband-Security-Id value TLS
with TLS/TCP and DTLS/SCTP but underlying support for DTLS is
still thin on the ground.
-rw-r--r-- | lib/diameter/src/transport/diameter_sctp.erl | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/diameter/src/transport/diameter_sctp.erl b/lib/diameter/src/transport/diameter_sctp.erl index 46473e7bf1..cb024c77b1 100644 --- a/lib/diameter/src/transport/diameter_sctp.erl +++ b/lib/diameter/src/transport/diameter_sctp.erl @@ -411,6 +411,14 @@ transition({diameter, {send, Msg}}, S) -> transition({diameter, {close, Pid}}, #transport{parent = Pid}) -> stop; +%% TLS over SCTP is described in RFC 3436 but has limitations as +%% described in RFC 6083. The latter describes DTLS over SCTP, which +%% addresses these limitations, DTLS itself being described in RFC +%% 4347. TLS is primarily used over TCP, which the current RFC 3588 +%% draft acknowledges by equating TLS with TLS/TCP and DTLS/SCTP. +transition({diameter, {tls, _Ref, _Type, _Bool}}, _) -> + stop; + %% Listener process has died. transition({'DOWN', _, process, Pid, _}, #transport{mode = {accept, Pid}}) -> stop; |
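Review bot: the new `transition({diameter, {tls, _Ref, _Type, _Bool}}, _)` clause returns a bare `stop`, the same result as the `close` and `'DOWN'` clauses around it, so a transport closed because TLS was requested over SCTP looks no different from an ordinary shutdown. Failing closed is the safe choice when the requested security layer cannot be provided, but consider logging or otherwise reporting the reason before stopping, so an operator can tell a security-negotiation failure from a peer disconnect. The comment above the clause gives the RFC background (3436, 6083, 4347) but never states what the clause does or why; a closing sentence saying that DTLS is not supported by this transport and the connection is therefore closed would make the intent explicit. The clause also matches any state (`_`), unlike its neighbours that match on `#transport{}` fields; a short note that this is deliberate would help the next reader.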