What SSTP is and its suitability for VPN connections

Anton P. | March 02, 2022

SSTP (Secure Socket Tunneling Protocol) is a protocol commonly used to establish secure VPN connections. Microsoft introduced it in the 2000s as an alternative to the outdated PPTP and to L2TP/IPSec. Essentially, SSTP builds reliable tunnels that carry encrypted data, so it is one of the protocols for creating a secure path between the VPN server and your device. However, is SSTP still relevant, or are there better, more modern alternatives?


What is SSTP?

SSTP is a Microsoft proprietary VPN protocol. It uses Transport Layer Security (TLS) to establish secure connections between the VPN client and server. Native support began with Windows Vista, and later Windows versions include it as well. SSTP is also available on other operating systems, such as Linux and Android.

In simple terms, it is a VPN tunneling protocol responsible for building the tunnels that VPNs use to transfer data. SSTP lays the road on which encrypted data travels to its intended recipient intact.

Like PPTP, SSTP carries PPP (Point-to-Point Protocol) traffic. However, it does so inside an SSL/TLS channel. As a result, SSTP has more security mechanisms backing up its reliability: its connections include key negotiation, encryption, and traffic integrity checking.

One of the advantages of SSTP is that it allegedly works better for evading VPN blocks. That benefit comes from running SSL/TLS over TCP port 443, the same port HTTPS uses.

Pros and cons of SSTP

Like any VPN protocol, SSTP has advantages and disadvantages. Newer standards can push outdated ones out (as happened with PPTP), but others may simply be better suited to particular purposes.

Pros:

  • High-end security. Experts consider SSTP a secure protocol; it supports AES-256 encryption, which is a cryptographically reliable option.
  • Difficult to block or detect. SSTP uses TCP port 443, the same as HTTPS. It can therefore be challenging to differentiate SSTP from HTTPS traffic, which lowers the chances of blocked access.
  • Easy setup on Windows. Windows has integrated support for SSTP, so it can be easier to configure than, say, OpenVPN, which is not built into Windows.
  • Decent performance under favorable conditions. The speed of SSTP connections can be satisfactory. However, experts have noted that it may struggle to support activities like online gaming or peer-to-peer sharing.
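The claim that SSTP is hard to tell apart from HTTPS holds only while the TLS layer stays opaque. Where an organization terminates TLS at its own proxy, the tunnel setup is recognizable: per Microsoft's MS-SSTP specification, the client opens the tunnel with an SSTP_DUPLEX_POST request to a fixed path. The Python below is an added example, not code from this article or from Atlas VPN; the proxy log format and the sample lines are constructed for the example.

```python
"""Flag SSTP tunnel setups in a TLS-terminating proxy's request log.

Added example, not part of the original article. Assumes a proxy that
terminates TLS and logs the decrypted request line plus headers; the
log format below is constructed. The SSTP method and path come from
Microsoft's MS-SSTP specification.
"""
import re

# From MS-SSTP: the client opens the tunnel with this method and path.
SSTP_METHOD = "SSTP_DUPLEX_POST"
SSTP_PATH = "/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/"

# Constructed log format: "<ts> <client> <method> <path> <version> <headers>"
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (HTTP/\d\.\d)(?: (.*))?$")


def classify_request(method, path):
    """Return 'sstp', 'https', or 'unknown' for one decrypted request."""
    if method == SSTP_METHOD or path.lower() == SSTP_PATH.lower():
        return "sstp"
    if method in {"GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS"}:
        return "https"
    return "unknown"


def scan_log(lines):
    """Return (timestamp, client) pairs for SSTP tunnel setups in the log."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the expected format
        ts, client, method, path, _version, _headers = m.groups()
        if classify_request(method, path) == "sstp":
            hits.append((ts, client))
    return hits


# Constructed sample lines: ordinary HTTPS browsing next to one SSTP setup.
SAMPLE_LOG = [
    "2022-03-02T10:00:01Z 10.0.0.5 GET /index.html HTTP/1.1 Host: example.com",
    "2022-03-02T10:00:02Z 10.0.0.7 SSTP_DUPLEX_POST "
    "/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/ HTTP/1.1 Host: vpn.example.test",
    "2022-03-02T10:00:03Z 10.0.0.5 POST /api/login HTTP/1.1 Host: example.com",
]

if __name__ == "__main__":
    for ts, client in scan_log(SAMPLE_LOG):
        print(f"{ts} SSTP tunnel setup from {client}")
```

Without TLS termination the same traffic looks like any other HTTPS session on port 443, which is exactly the point the bullet above makes.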

Cons:

  • Owned by Microsoft. Microsoft is not a role model for preserving users’ privacy. Its questionable activities are frequently overlooked, while the most notorious privacy invasions are attributed to other big tech companies. In reality, the reliability of SSTP is a matter of perspective. After all, Microsoft allegedly works with the NSA and has, over the years, supplied access to many resources the NSA requested. So it is an open question whether people wishing for more privacy online should choose SSTP.
  • Performance limitations. Using a TCP tunnel has its pitfalls. SSTP functions properly only when there is enough spare bandwidth to keep the timers of the tunneled TCP connections from expiring. If they do expire, performance drops drastically.
  • TCP meltdown problem. This is one of the main reasons for significant drops in SSTP performance. It happens when one transmission protocol is stacked on top of another, as when a TCP tunnel carries TCP traffic. The underlying layer detects a problem (such as a lost segment) and compensates for it; the layer above reacts by overcompensating. The two retransmission and backoff mechanisms fight each other, which causes delays and stalled transfers. As a result, SSTP connections go idle when they hit TCP meltdown.
  • Lack of opportunities to test SSTP defenses. Circling back to Microsoft, it also prevents security researchers from contributing to the protocol's reliability. Since the SSTP code is unavailable, volunteer experts cannot test it. WireGuard is the complete opposite: its code is publicly available, so anyone can inspect it closely. Consequently, it is also impossible to rule out that the allegedly close relationship between Microsoft and the NSA extends to SSTP.

Modern alternatives for SSTP

While the security of SSTP is comparable to OpenVPN, its other features are not equally strong. Let’s explore the main reasons why WireGuard, IKEv2/IPSec, or OpenVPN are better options.

  • SSTP is a closed-source protocol. The lack of transparency makes it difficult to trust SSTP. Its ownership and potential association with the NSA is enough to make privacy-conscious users look elsewhere. Beyond the possibility of backdoors, a closed-source protocol might carry undiscovered or unpatched vulnerabilities. The closed source also limits further development of SSTP that could otherwise strengthen its standing.
  • More stability and better security. IKEv2/IPSec and other protocols that use UDP are faster than those built on TCP. WireGuard also chooses UDP, which has become the standard for VPN connections.
  • Lack of compatibility. Microsoft owns SSTP and has made it available for Windows, Linux, Android, and routers. That level of cross-platform support is not quite enough for modern users, who need VPN protection on most of their internet-connected devices. WireGuard and IKEv2/IPSec do not face such obstacles.

Products using the WireGuard, IKEv2/IPSec, and OpenVPN protocols have proved their reliability and ease of use. Of course, SSTP has its benefits, such as stronger resistance to VPN blocks. However, its alleged association with the NSA is a strong factor and likely the one that turns heads the other way.

Atlas VPN supports both the IKEv2/IPSec and WireGuard protocols. We strongly believe these options to be resilient, trustworthy, and robust. You can select whichever is more suitable for your online journey in the Atlas VPN settings.

Anton P.

Former chef and head of the Atlas VPN blog team. He is an experienced cybersecurity expert with a background in technical content writing.

Tags: PPTP, HTTPS, TCP, OpenVPN

© 2023 Atlas VPN. All rights reserved.