Support for DTLS protocol
Notes:
- DTLSv1.0 protocol is supported on Citrix ADC MPX/SDX (N2 and N3 based), VPX, and MPX 14000 FIPS appliances. It is not supported on external HSMs.
- DTLS 1.0 protocol is supported on Citrix ADC appliances containing Intel Coleto SSL chips.
- DTLSv1.2 protocol is supported on the front-end of Citrix ADC VPX appliances.
- DTLS 1.2 protocol is supported on the front-end of Citrix ADC appliances containing Intel Coleto SSL chips. For more information about the platforms containing Intel Coleto SSL chips, see Support for Intel Coleto SSL chip based platforms.
- Service groups of type DTLS are not supported.
- DTLSv1.2 protocol is supported on the front-end of Citrix ADC MPX (N3 based) appliances except the MPX 14000 FIPS appliances.
- For information about Enlightened Data Transport (EDT) support for Citrix Gateway, see HDX enlightened data transport support.
- For information about the platforms and builds supported, see Citrix ADC MPX hardware-software compatibility matrix.
The SSL and TLS protocols have traditionally been used to secure streaming traffic. Both of these protocols are based on TCP, which is slow. Also, TLS cannot handle lost or reordered packets.
UDP is the preferred protocol for audio and video applications, such as Lync, Skype, iTunes, YouTube, training videos, and Flash. However, UDP is not secure or reliable. The DTLS protocol is designed to secure data over UDP and is used for applications such as media streaming, VoIP, and online gaming.
In DTLS, each handshake message is assigned a specific sequence number within that handshake. When a peer receives a handshake message, it can quickly determine whether that message is the next one expected. If it is, the peer processes the message. If not, the message is queued for handling after all the previous messages have been received.
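The ordering rule described above, as an added example (not Citrix code and not part of the original page): a receiver that parses the 12-byte DTLS handshake header, processes the next expected message_seq, and queues later ones. The function and class names, the queue bound, and the sample flight are constructed for illustration; fragmented messages are rejected rather than reassembled.

```python
HEADER_LEN = 12  # msg_type(1) length(3) message_seq(2) frag_offset(3) frag_length(3)

def build_handshake(msg_type, seq, body):
    # Helper for constructing sample input: one unfragmented handshake message.
    n = len(body).to_bytes(3, "big")
    return bytes([msg_type]) + n + seq.to_bytes(2, "big") + b"\x00\x00\x00" + n + body

def parse_handshake(data):
    if len(data) < HEADER_LEN:
        raise ValueError("truncated handshake header")
    msg_type, length = data[0], int.from_bytes(data[1:4], "big")
    seq = int.from_bytes(data[4:6], "big")
    frag_offset = int.from_bytes(data[6:9], "big")
    frag_length = int.from_bytes(data[9:12], "big")
    body = data[HEADER_LEN:]
    if frag_offset != 0 or frag_length != length or len(body) != length:
        raise ValueError("fragmented or malformed handshake message")
    return msg_type, seq, body

class HandshakeReceiver:
    def __init__(self, max_queued=8):
        self.next_seq = 0            # message_seq expected next
        self.queued = {}             # message_seq -> (msg_type, body)
        self.max_queued = max_queued # assumed bound so the queue cannot grow freely

    def receive(self, datagram):
        """Return the messages that became processable, in handshake order."""
        msg_type, seq, body = parse_handshake(datagram)
        if seq < self.next_seq or seq in self.queued:
            return []                # duplicate or retransmission: already seen
        if seq > self.next_seq:      # arrived early: hold it if within the bound
            if seq - self.next_seq <= self.max_queued:
                self.queued[seq] = (msg_type, body)
            return []
        delivered = [(seq, msg_type, body)]
        self.next_seq += 1
        while self.next_seq in self.queued:   # drain messages that are now in order
            t, b = self.queued.pop(self.next_seq)
            delivered.append((self.next_seq, t, b))
            self.next_seq += 1
        return delivered

def demo():
    # Constructed flight: seq 2 arrives before seq 1, then seq 1 is retransmitted.
    rx = HandshakeReceiver()
    flight = [build_handshake(2, 0, b"hello"), build_handshake(11, 1, b"cert"), build_handshake(14, 2, b"")]
    arrival = [flight[0], flight[2], flight[1], flight[1]]
    return [[seq for seq, _, _ in rx.receive(d)] for d in arrival]
```
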
Create a DTLS virtual server and a service of type UDP. By default, a DTLS profile (nsdtls_default_profile) is bound to the virtual server. Optionally, you can create and bind a user-defined DTLS profile to the virtual server.
Note: RC4 ciphers are not supported on a DTLS virtual server.
DTLS configuration
You can use the command line (CLI) or the configuration utility (GUI) to configure DTLS on your ADC appliance.
Note: The DTLS 1.2 protocol is supported on the front end of a Citrix ADC VPX appliance. While configuring a DTLSv1.2 virtual server, specify DTLS12. The default is DTLS1.
At the command prompt, type:
set ssl vserver DTLS [-dtls1 ( ENABLED | DISABLED )] [-dtls12 ( ENABLED | DISABLED )]
Create a DTLS configuration by using the CLI
At the command prompt, type:
add lb vserver <vserver_name> DTLS <IPAddress> <port>
add service <service_name> <IPAddress> UDP 443
bind lb vserver <vserver_name> <udp_service_name>