5. Intrinsic limitations of SSL VPNs

SSL VPNs can provide services equivalent to IPsec using a fat client. However, the SSL protocol, based on TCP, cannot lose packets. At first glance, this may appear to be an advantage, but some real-time applications such as voice are designed to be able to lose packets in order to limit latency (network transmission delay) and jitter (latency variation). SSL therefore poses quality of service problems for certain applications.

To circumvent this problem, some gateways incorporate a mechanism that attempts to set up an IPsec tunnel and then falls back on an SSL tunnel in the event of failure. Another alternative could be the DTLS protocol

You do not have access to this resource.

Exclusive to subscribers. 97% yet to be discovered!

You do not have access to this resource. Click here to request your free trial access!

Already subscribed? Log in!

Ongoing reading
Intrinsic limitations of SSL VPNs

Previous
page Nomadism

Summary and conclusion

Article included in this offer

"Security of information systems"

( 86 articles )

Complete knowledge base

Updated and enriched with articles validated by our scientific committees

Services

A set of exclusive tools to complement the resources

View offer details

(1) - DIERKS (T.), RESCORLA (E.) - The TLS Protocol Version 1.1. - draft-ietf-tls-rfc2246-bis-13 (work in progress), IETF (juin 2005).
(2) - DIERKS (T.), ALLEN (C.) - The TLS Protocol. - Version 1.0. RFC 2246, IETF (janv. 1999).

You do not have access to this resource.

Exclusive to subscribers. 97% yet to be discovered!

You do not have access to this resource. Click here to request your free trial access!

Already subscribed? Log in!