author Anders Svensson <anders@erlang.org> 2011-10-02 12:09:34 +0200
committer Anders Svensson <anders@erlang.org> 2011-10-06 16:29:46 +0200
commit 68c94d9b8db4773259c323cd428cf4bf20931869
tree 9e453adb6a243ed59d31688e25d61d28d8e1a769
parent 804d96e755a65a17cfe0d67698b834bdda11afe5
Close transport if tls is requested over sctp
RFC 3588 requires that a Diameter server support TLS but in practice this seems to mean TLS over SCTP since there are limitations with running over SCTP: see RFC 6083 (DTLS over SCTP), which is a response to RFC 3436 (TLS over SCTP). The current RFC 3588 draft acknowledges this by equating the Inband-Security-Id value TLS with TLS/TCP and DTLS/SCTP but underlying support for DTLS is still thin on the ground.
-rw-r--r-- lib/diameter/src/transport/diameter_sctp.erl 8
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/diameter/src/transport/diameter_sctp.erl b/lib/diameter/src/transport/diameter_sctp.erl
index 46473e7bf1..cb024c77b1 100644
--- a/lib/diameter/src/transport/diameter_sctp.erl
+++ b/lib/diameter/src/transport/diameter_sctp.erl
@@ -411,6 +411,14 @@ transition({diameter, {send, Msg}}, S) ->
transition({diameter, {close, Pid}}, #transport{parent = Pid}) ->
stop;
+%% TLS over SCTP is described in RFC 3436 but has limitations as
+%% described in RFC 6083. The latter describes DTLS over SCTP, which
+%% addresses these limitations, DTLS itself being described in RFC
+%% 4347. TLS is primarily used over TCP, which the current RFC 3588
+%% draft acknowledges by equating TLS with TLS/TCP and DTLS/SCTP.
+transition({diameter, {tls, _Ref, _Type, _Bool}}, _) ->
+ stop;
+
%% Listener process has died.
transition({'DOWN', _, process, Pid, _}, #transport{mode = {accept, Pid}}) ->
stop;
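Review bot: the new `transition({diameter, {tls, _Ref, _Type, _Bool}}, _)` clause returns a bare `stop`, the same result as the `{close, Pid}` clause above it, so a transport torn down because TLS was requested over SCTP cannot be told apart from an ordinary close. Closing rather than carrying on without TLS is the safe direction, but consider reporting the reason (a log entry or a distinct stop reason) so an operator can see why the connection went away. The comment gives the RFC background without saying what the clause does; one sentence stating that TLS over SCTP is not supported here and the transport is therefore closed would help. Since `_Ref`, `_Type` and `_Bool` are all ignored and the state is matched with `_`, it is also worth confirming that every form of the tls message is meant to end the transport.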