Problem description
I need to secure my UDP traffic. As far as I understand, the DTLS protocol is the best way to do it. There is another one - IPsec - but it does not look applicable for me because it's not easy to use and there are possible hardware problems.
I've found that there are some libraries which have DTLS implemented. So now I'm trying to choose - OpenSSL or GnuTLS? Could you please advise me what is better to use? What are the drawbacks or advantages? Or maybe there is another library with DTLS support implemented?
Thanks.
Recommended answer
I've found the following facts about the libraries and DTLS.
There is another lib with DTLS support - CyaSSL, but it supports DTLS only in test mode for now.
Although RFC 4347 dates from April 2006, OpenSSL has supported DTLS since 2005 (v0.9.8). Many Linux distributions include this version. The OpenSSL API looks a little ugly, but it seems like the DTLS implementation is stable.
GnuTLS has supported DTLS since 2011 (v3.0.0). It looks like no Linux includes this version yet. (For example, Ubuntu 11.04 uses v2.8.6, and Ubuntu 11.10 is going to use v2.10.5, not v3.0.0.) There is no information about when v3.0 will be used. It can be built manually; however, it depends on too many additional libraries, which may have no native support in some distributions.
It looks like all of these libraries can be used on other platforms (e.g. Windows).
Known OpenSSL issue: OpenSSL has compression enabled by default for DTLS, but it shouldn't be. The OpenSSL v0.9.8 API doesn't provide any method to disable compression. The method should be implemented manually.
Summary:
Speaking about usability, personally I would prefer the GnuTLS API, but at the time OpenSSL looks preferable to use.