#Difference between stunnel and vpn code
With SSL, your connection code must be aware of the security from a programming point of view, you do not open a SSL connection as if it was "just a socket". You have some security requirements, and are thinking about either using SSL (over TCP over IP) or possibly HTTPS (which is HTTP-over-SSL-over-TCP-over-IP), or setting up a VPN between client and server and using "plain" TCP in that private network (the point of the VPN is that is gives you a secure network where you need not worry anymore about confidentiality). On the other hand, IPsec must be managed quite deep within the operating system network code, while a SSL-based VPN only needs some way to hijack incoming and outgoing traffic the rest can be down in user-level software.Īs I understand your question, you have an application where some machines must communicate over the Internet. IPsec is another technology which is more deeply integrated in the packets, which suppresses some of those layers, and is thus a bit more efficient (less bandwidth overhead). Some VPN implementations actually use SSL, resulting in a layered system: the VPN transfers IP packets (of the virtual network) by serializing them on a SSL connection, which itself uses TCP as a transport medium, which is built over IP packets (on the physical unprotected network). A VPN implementation requires some cryptography at some point. So VPN and SSL are not from the same level. SSL provides confidentiality, integrity (active alterations are reliably detected), and some authentication (usually server authentication, possibly mutual client-server authentication if using certificates on both sides). It requires the underlying transport medium to be "mostly reliable" (when not attacked, data bytes are transferred in due order, with no loss and no repetition).
SSL (now known as TLS) is a technology which takes a bidirectional transport medium and provides a secured bidirectional medium.
the Internet at large) which is logically isolated from the bigger network through non-hardware means (that's what "virtual" means): it is not that we are using distinct cables and switches rather, isolation is performed through use of cryptography. It is a generic concept which designates a part of a bigger network (e.g.
0 kommentar(er)
