Does OpenZiti support DTLS?

Does OpenZiti support DTLS? If you could point me to relevant documentation, that would be very helpful.

I don't believe we claim to support DTLS per se; however, OpenZiti allows you to tunnel UDP or TCP connections and implements end-to-end encryption for both TCP and UDP between the source and destination identities.

If you establish your own DTLS connection OVER OpenZiti, I would expect it to work properly but this is the application protocol, not OpenZiti... If that makes sense? It'd be similar to how OpenZiti allows TLS over OpenZiti I would think, and that works perfectly.

So if your question is "can OpenZiti secure UDP datagrams?", I would respond with "yes", between the source and destination identity. Is that DTLS? No, I don't believe so; it's done with libsodium.

Does that make sense and answer the question sufficiently?

Thanks for your reply! I understand Ziti doesn't have built-in support for DTLS but does have the ingredients to build that support on.

With that in mind, I have a follow-up question: when UDP transport is selected, does Ziti deliver the payloads end-to-end as UDP, or is UDP only used at the entry and exit points, with the payload delivered as TCP within the mesh?

Current SDK <-> router and router <-> router traffic is TCP-based. One of our goals is to allow for UDP-based transports (likely using DTLS) for those connections. Some initial work has been done, but there's more to do before it will be a good replacement.

Cheers,
Paul

Sounds good, thank you!