Secure Socket Tunneling Protocol
(SSTP) is a form of VPN
tunnel that provides a mechanism to transport PPP
traffic through an SSL
channel. SSL provides transport-level security with key-negotiation, encryption
and traffic integrity checking. The use of TCP
port 443 should increase the chances that SSTP will pass through most firewalls
and proxy servers
SSTP servers must be authenticated during the SSL phase. SSTP clients can optionally be authenticated during the SSL phase, and must be authenticated in the PPP phase. The use of PPP allows support for common authentication methods, such as EAP-TLS and MS-CHAP.
It is currently available in Windows Server 2008 and Windows Vista SP1.
SSTP header structure
The following header structure is common to all types of SSTP packets:
| Bit offset
|| Bits 0–7
- Version (8 bits) – Communicates and negotiates the version of SSTP that is used.
- Reserved (7 bits) – Reserved for future use.
- C (1 bit) – Control bit indicating whether the SSTP packet represents an SSTP control packet or an SSTP data packet. This bit is set if the SSTP packet is a control packet.
- Length (16 bits) – Packet length field, composed of two values: a Reserved portion and a Length portion.
- * Reserved (4 bits) – Reserved for future use.
- * Length (12 bits) – Contains the length of the entire SSTP packet, including the SSTP header.
- Data (variable) – When Control bit C is set, this field contains an SSTP control message. Otherwise, the data field would contain a higher level protocol. At the moment, this can only be PPP.
SSTP control message structure
The Data field of the SSTP header would contain an SSTP control message only when the header's Control bit C is set.
SSTP Control Message
| Bit offset
|| Bits 0–15
|| Message Type
|| Attributes Count
- Message Type (16 bits) – Specifies the type of SSTP control message being communicated. This dictates the number and types of attributes that can be carried in the SSTP control packet.
- Attributes Count (16 bits) – Specifies the number of attributes appended to the SSTP control message.
- Attributes (variable) – Contains a list of attributes associated with the SSTP control message. The number of attributes is specified by the Attributes Count field.