Can you use IPsec on TCP software programmatically instead of performing SSL/TLS at the user level?

I am not trying to set up a VPN. I want to protect TCP sessions between services that can be implemented either in user mode or as kernel daemons. If not for the kernel requirement, TLS would probably be enough.

The first goal is Linux; pointers to any example code in user or kernel mode would be dandy, if any exist.

All existing examples that I have found relate to creating a VPN and using a heap of static configuration in protected directories, all of which I would like to avoid. It seems to me that I am looking at setsockopt things to determine the keys before listening and connecting, but I have not found anything yet.

ssl ipsec
1 answer

A VPN will simply offer you a secure tunnel for your communication, and this comes at the cost of a slow connection or overhead. If you are looking at IPsec, be aware that it, which programmatically tries to get a secure and simple IP code, comes at the same price of great communication overhead. It is important to know what your specific need is. For example, if you are not worried about overhead or additional costs, you can definitely go with IPsec at the network level. But if you are concerned about a performance problem or want to reduce the overhead in your messages, SSL/TLS better offers you the security you want.
