[erlang-questions] DTLS UDP socket reuse / SSL passive API?

Vance Shipley vances@REDACTED
Wed Jan 3 13:44:33 CET 2018

On Wed, Jan 3, 2018 at 2:39 PM, Andreas Schultz
<andreas.schultz@REDACTED> wrote:
> I do have a use case that is even more complicated then simply upgrading UDP
> to DTLS.
> CAPWAP is runnig unencrypted and DTLS traffic on the same socket. It
> distinguished between the traffic with a small header in front of the
> payload packet. I therefore need a demultiplexer on the UDP socket that
> removes the header and passes the encrypted payload to the DTLS stack.

I think you're in luck.

> There is somewhat similar problem when doing EAP-TLS over RADIUS or
> DIAMETER. The TLS traffic is encapsulated within RADIUS/DIAMETER requests
> and needs to be passed into the TLS stack and the replies need to
> encapsultated with RADIUS/DIAMETER.

SigScale has a pure Erlang implementation of EAP-TTLS over RADIUS
using the SSL app in OTP in our open source Online Charging System
(OCS): https://github.com/sigscale/ocs

> The current socket abstraction in the SSL app is not prepared to handle this
> and would need invasive changes.

The existence of the API is hidden in this one sentence of the User Guide:

  "By default SSL/TLS is run over the TCP/IP protocol even though you
can plug in any other reliable transport protocol with the same
Application Programming Interface (API) as the gen_tcp module in

Here is our SSL transport callback module:


More information about the erlang-questions mailing list