Secure Socket Tunneling Protocol (SSTP)

The secure socket tunneling protocol (SSTP) is a VPN protocol where communications between two points use the transport layer security (TLS) to secure traffic and bypass standard network firewalls.

As software or hardware, virtual private networks (VPN) provide a private channel over public networks, like the internet, for direct connection to a host network. Tunneling protocols are the most common method for establishing a VPN connection. SSTP is an example of a tunneling protocol and built off of previous generations like L2TP to offer more robust encryption and connectivity. 

Read our Guide to Virtual Private Networks (VPN) for the Webopedia deep dive into everything VPNs and the top 18 vendors.

Note: While both share an acronym, the simple symmetric transport protocol (also SSTP) refers to communication between programs in a network and is unrelated to the VPN protocol referenced in this article.

SSTP vs. Other Tunneling Protocols

All internet communication runs through protocols that set the terms for transferring data. In computer networking, the protocols that enable data transfers between networks are called tunneling protocols. Tunneling protocols repackage data transferred over the internet that both secure the transfer and bypass standard network roadblocks. The other commonly used tunneling protocols today are PPTP, L2TP, OpenVPN, and IKEv2. Both L2TP and IKEv2 are capable of using IPSec encryption modes. 

How SSTP Came To Be

SSTP was first developed in 2007 by Microsoft for their Windows Vista OS. Before this, the Point-to-Point Tunneling Protocol (PPTP) from Microsoft and the Layer 2 Forwarding (L2F) from Cisco led to the combined capabilities of Layer 2 Tunnelling Protocol (L2TP). While proficient site-to-site VPNs of their time, these tunneling protocols could not bypass specific web proxies, firewalls, and network routers

By comparison, SSTP offers 256-bit AES for encryption, more notable security features, and faster speeds. Today, SSTP is a popular choice over its predecessors but is only compatible with Windows and some Linux distros. Other popular alternatives include IKEv2 and OpenVPN.

How is SSTP used?

Individuals and organizations deploy SSTP VPNs to secure data and online communications between users and a private network. The secure socket tunneling protocol is an example of a remote access VPN and gives client machines the ability to work in a distant, private network of their own.

How Does SSTP Work?

SSTP provides a tunnel where two parties––a VPN client and a VPN server––can communicate on an encrypted channel. With an SSTP server hosting the VPN, users can establish a secure connection online over HTTPS with TCP port 443. The tunnel serves as a medium for traffic over the TLS channel––a significant appeal of the secure socket tunneling method. TLS is the next generation of the Secure Sockets Layer (SSL) and serves as the security layer for HTTPS over the internet.

This point-to-point protocol (PPP) allows clients to surf the web without leaving a recognizable trace. Like other VPNs, the SSTP scrambles communications, so that client data is indiscernible to malicious actors online or the client’s internet service provider (ISP).

Security features of SSTP 

Relative to other tunneling protocols, SSTP offers robust security features akin to OpenVPN with SSL 3.0 and 256-bit encryption. The SSTP’s control packets contain messages that limit packet parameters, thus avoiding the possibility of a man-in-the-middle attack. The most notable SSTP features for defending data include:

  • Encryption convolutes data and prevents unintended or unauthorized access
  • Integrity checking compares the state of data regularly and verifies the legitimacy
  • Key negotiation facilitates the agreements between communicating parties

Interested in learning more about how VPNs work and use tunneling to secure users? Read VPN Security Risks: Best Practices for 2021.

Sam Ingalls
Sam Ingalls
Sam Ingalls is an award-winning writer and researcher covering enterprise technology, cybersecurity, data centers, and IT trends, for Webopedia, eSecurity Planet, ServerWatch, and Channel Insider.

Top Articles

List of Windows Operating System Versions & History [In Order]

The Windows operating system (Windows OS) refers to a family of operating systems developed by Microsoft Corporation. We look at the history of Windows...

How to Create a Website Shortcut on Your Desktop

Website Shortcut on Your Desktop reviewed by Web Webster   This Webopedia guide will show you how to create a website shortcut on your desktop using...

What are the Five Generations of Computers? (1st to 5th)

Reviewed by Web Webster Each generation of computer has brought significant advances in speed and power to computing tasks. Learn about each of the...

Hotmail [Outlook] Email Accounts

Launched in 1996, Hotmail was one of the first public webmail services that could be accessed from any web browser. At its peak in...

XiaoBa Ransomware

XiaoBa is a type of file-encrypting ransomware that runs on Windows and encodes...

Team Management Software

Team management software is a type of organizational software that supports remote team...

Kaseya Ransomware Attack

The 2021 ransomware cyberattack on U.S.-based software solutions company, Kaseya, is known as...