[Help-gnutls] TLS and SCTP

Sebastien Decugis sdecugis at nict.go.jp
Wed Jul 30 11:24:19 CEST 2008


I am trying to implement TLS over a SCTP association with multiple 
streams (the final goal is to make an open-source implementation of 

From RFC 3436, it is told that each pair of (bi-directional) streams is 
an independent TLS session (separate handshake, and so on). The 
remaining streams have no TLS protection, and will therefore not be used 
in my implementation.

I understand how to specify my own transport-layer handlers in GNU TLS 
with the set_push_function and set_pull_function, but I think it is not 
sufficient support to handle the TLS over the multiple streams as 
expected. We can create a wrapper function to send data on a specific 
stream, but not to receive only from a given stream. The logic must be: 
we receive a message, we can retrieve its stream number, and then we 
know the TLS context (session) this message belongs to. I cannot see a 
way to achieve this with the API of gnutls.

Has someone run into this issue already and could give me some hints / 
pointers? The only workaround I can see yet is to use only 1 stream in 
my SCTP association, but this is not very satisfactory...

Thank you in advance!
Best regards,

Sebastien Decugis
Research fellow
Network Architecture Group
NICT (nict.go.jp)
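
The demultiplexing logic described in the post, as an added example that is not part of the original message and is not GnuTLS code: one receive loop hands each SCTP message to a per-stream buffer, and each TLS session's pull callback reads only from its own buffer. The names `demux_deliver`, `stream_pull`, `NSTREAMS` and `QCAP` are hypothetical; `stream_pull` has the shape of a GnuTLS pull function (`ssize_t (void *, void *, size_t)`), and the messages in `main` are constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define NSTREAMS 4     /* assumed number of bi-directional stream pairs */
#define QCAP     4096  /* assumed per-stream buffer size */
/* One receive buffer per stream; each one backs a separate TLS session. */
struct stream_ctx {
    unsigned char buf[QCAP];
    size_t head, len;  /* unread bytes are buf[head] .. buf[head+len-1] */
};
static struct stream_ctx streams[NSTREAMS];

/* Called from the association's single receive loop with the stream number
 * reported for the message. Returns 0, or -1 (unknown stream, full buffer). */
int demux_deliver(unsigned stream, const void *data, size_t n)
{
    if (stream >= NSTREAMS) return -1;
    struct stream_ctx *s = &streams[stream];
    if (s->head) {                       /* compact before appending */
        memmove(s->buf, s->buf + s->head, s->len);
        s->head = 0;
    }
    if (n > QCAP - s->len) return -1;
    memcpy(s->buf + s->len, data, n);
    s->len += n;
    return 0;
}

/* Pull callback: ptr is the session's transport pointer, here the
 * stream_ctx of its stream, so it only ever sees that stream's bytes. */
ssize_t stream_pull(void *ptr, void *out, size_t n)
{
    struct stream_ctx *s = ptr;
    if (s->len == 0) { errno = EAGAIN; return -1; }  /* nothing queued */
    if (n > s->len) n = s->len;
    memcpy(out, s->buf + s->head, n);
    s->head += n; s->len -= n;
    return (ssize_t)n;
}

int main(void)
{
    char out[16];
    demux_deliver(1, "abc", 3);          /* constructed sample messages */
    demux_deliver(2, "XY", 2);
    printf("stream 1 read %zd bytes\n", stream_pull(&streams[1], out, sizeof out));
    return 0;
}
```

In a real program the stream number passed to `demux_deliver` would come from the receive call's ancillary data (for example `sinfo_stream` filled in by `sctp_recvmsg`), and each session would get its `struct stream_ctx *` as transport pointer.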
