Security

ha-dispatcher features a pluggable security layer, with the following highlights:

  • state-of-the-art TLS 1.2 implementation
  • preshared key (RFC4279) or X.509 certificate key agreement
  • GCM modes (NIST SP800-38D, RFC5288) for symmetric encryption

This set of algorithms allows the implementation of a lightweight TLS stack on the client side, which minimizes power consumption and software complexity on embedded devices. The schematic handshakes below compare the preshared-key TLS handshake with the full certificate-based handshake of standard TLS.


A TLS handshake making use of preshared keys. (Licensed under the FDL, based on material from http://de.wikipedia.org/wiki/Transport_Layer_Security)


A TLS handshake using X.509 certificates. (Licensed under the FDL, material from http://de.wikipedia.org/wiki/Transport_Layer_Security)

June 24th, 2010