Can you use IPsec on a TCP connection programmatically instead of doing user-level SSL/TLS?

I'm not trying to set up a VPN. I want to secure TCP sessions between services that might be implemented in either user-mode or as kernel daemons. If it weren't for the kernel requirement, TLS would probably suffice.

First target would be Linux; pointers to any example code in user or kernel mode would be dandy if there are any.

All the existing examples I've found are about creating VPNs and use a bunch of static configuration in protected directories, all of which I'd like to avoid. I imagine I'd be looking at setsockopt things to define keys before listening and connecting, but have so far found nothing.

Jutta answered 10/7, 2015 at 21:41

Comment: Your main problem is that IPsec doesn't happen at the TCP level, which will make it difficult to control per TCP connection. - Windsail

A VPN will just offer you a secure tunnel for your communication; also, this comes with the price of a slow connection or overhead. If you are looking for IPsec, beware that programmatically trying to get a secure and changing IP itself comes with the same price of large overhead for communication. It is important to know what your specific need is. If you are not bothered about overhead or extra cost, you can definitely go ahead and do IPsec at the network layer. But if you are worried about performance issues or you want less overhead in your communication, SSL/TLS is better for offering you the desired security.

Pelagian answered 21/7, 2015 at 15:2
