[erlang-questions] DTLS UDP socket reuse / SSL passive API?
Wed Jan 3 13:44:33 CET 2018
On Wed, Jan 3, 2018 at 2:39 PM, Andreas Schultz
> I do have a use case that is even more complicated then simply upgrading UDP
> to DTLS.
> CAPWAP is runnig unencrypted and DTLS traffic on the same socket. It
> distinguished between the traffic with a small header in front of the
> payload packet. I therefore need a demultiplexer on the UDP socket that
> removes the header and passes the encrypted payload to the DTLS stack.
I think you're in luck.
> There is somewhat similar problem when doing EAP-TLS over RADIUS or
> DIAMETER. The TLS traffic is encapsulated within RADIUS/DIAMETER requests
> and needs to be passed into the TLS stack and the replies need to
> encapsultated with RADIUS/DIAMETER.
SigScale has a pure Erlang implementation of EAP-TTLS over RADIUS
using the SSL app in OTP in our open source Online Charging System
> The current socket abstraction in the SSL app is not prepared to handle this
> and would need invasive changes.
The existence of the API is hidden in this one sentence of the User Guide:
"By default SSL/TLS is run over the TCP/IP protocol even though you
can plug in any other reliable transport protocol with the same
Application Programming Interface (API) as the gen_tcp module in
Here is our SSL transport callback module:
More information about the erlang-questions