2.6.8 TLS / DTLS

The DSR optionally supports TLS for TCP connections and DTLS for SCTP associations. This provides RFC-compliant, certificate-based peer authentication and key exchange. TLS/DTLS can be enabled independently on each DSR Diameter connection. TLS/DTLS encrypts the Diameter traffic carried on a TCP connection or SCTP association above the transport layer, using asymmetric cryptography for key exchange, symmetric encryption for privacy, and message authentication codes for message integrity. The TLS/DTLS handshake authenticates the peer and negotiates the session keys before any Diameter messages are exchanged. This feature uses the certificate management component of the platform; see the DSR documentation for more information on certificate management.

Capability Exchanges

The Capability Exchanges on the DSR provide flexibility to inter-operate with other Diameter nodes. These enhancements include:

  • Support of any Application-Id.
  • Configurable list of Application-Ids (up to 20) that can be advertised to the peer on a per-connection basis.
  • Authentication of the minimum mandatory Application-Ids in the advertised list.
  • Support for more than one vendor-specific Application-Id.
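As an added example (not DSR code), the following models the capability-exchange checks listed above: a per-connection advertised list capped at 20 Application-Ids, a mandatory subset that the peer must support, and the resulting common-application set. The `AppId`, `ConnectionCapabilities` and `validate_peer` names are assumptions of this example, and the sample 3GPP/IETF Application-Id values are constructed input; the rule that a peer advertising the Relay application (0xFFFFFFFF) matches every application comes from RFC 6733, not from this page.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Optional

MAX_ADVERTISED = 20            # per-connection cap stated on the page
RELAY_APP_ID = 0xFFFFFFFF      # Relay application, RFC 6733 (matches all apps)


@dataclass(frozen=True)
class AppId:
    vendor_id: int   # 0 for IETF-defined applications, e.g. 10415 for 3GPP
    app_id: int


def local_config_error(advertised: set[AppId], mandatory: set[AppId]) -> Optional[str]:
    """Validate the per-connection configuration; None means it is acceptable."""
    if len(advertised) > MAX_ADVERTISED:
        return f"at most {MAX_ADVERTISED} Application-Ids may be advertised per connection"
    missing = mandatory - advertised
    if missing:
        return f"mandatory Application-Ids not in the advertised list: {_fmt(missing)}"
    return None


def _fmt(ids: set[AppId]) -> str:
    return ", ".join(f"{a.vendor_id}:{a.app_id}"
                     for a in sorted(ids, key=lambda a: (a.vendor_id, a.app_id)))


@dataclass
class ConnectionCapabilities:
    advertised: set[AppId]                        # what we send in CER/CEA
    mandatory: set[AppId] = field(default_factory=set)  # subset the peer must support


def validate_peer(local: ConnectionCapabilities,
                  peer_advertised: set[AppId]) -> tuple[bool, set[AppId], str]:
    """Check the peer's advertised Application-Ids; return (accept, common, reason)."""
    err = local_config_error(local.advertised, local.mandatory)
    if err:
        return False, set(), f"local configuration invalid: {err}"
    if any(a.app_id == RELAY_APP_ID for a in peer_advertised):
        return True, set(local.advertised), "peer is a relay; all local applications usable"
    missing = local.mandatory - peer_advertised
    if missing:
        return False, set(), f"peer lacks mandatory Application-Id(s): {_fmt(missing)}"
    common = local.advertised & peer_advertised
    if not common:
        # RFC 6733 result code 5010 for this situation
        return False, set(), "no common application (DIAMETER_NO_COMMON_APPLICATION)"
    return True, common, "ok"
```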