SSTP explained — is it good, and why do we use it?

What is SSTP?

SSTP (also known as Secure Socket Tunneling Protocol) is a VPN tunneling protocol designed to secure your online traffic. Microsoft developed SSTP to replace the less secure PPTP and L2TP/IPSec protocols. SSTP is typically used to protect native Windows VPN connections.

How does SSTP work?

Like other protocols, SSTP establishes an encrypted tunnel between a VPN client and a VPN server. The data that passes through the tunnel is protected from external interception.

SSTP is an improvement over PPTP (Point-to-Point Tunneling Protocol) as it uses SSL/TLS, secure key negotiations, TCP port 443, and encrypted transfers. These features allow SSTP to bypass firewalls that block specific ports and guarantee more security. Since SSTP can bypass NAT firewalls, it is usually compared to OpenVPN protocol.

SSTP also bases its connections on user authentication as opposed to device or computer authentication. This issue can restrict the usage of SSTP.

SSTP vs. other protocols

SSTP is considered more secure than PPTP and L2TP/IPSec, and it is more difficult for ISPs and firewalls to block VPNs using this protocol.

SSTP vs. OpenVPN

OpenVPN is newer than SSTP. Moreover, OpenVPN is open source and benefits from contributor reviews and updates. It also uses AES encryption, which is the standard in symmetric encryption.

While both protocols use strong encryption and ciphers, OpenVPN is a more widely accepted and universal choice as it is available on Windows platforms and beyond. It’s more stable and trustworthy, and it potentially has no loopholes.

SSTP vs. PPTP

PPTP is an older protocol than SSTP. It is also more reliable and easier to set up. PPTP is also more widely supported as it isn’t available only on Windows.

However, PPTP can be easily blocked by internet service providers or admins. As SSTP uses port 443, it is more difficult to block.

SSTP vs. WireGuard

In this case, both SSTP and WireGuard protocols are equally good at securing your data. However, WireGuard is open source and faster than SSTP. Also, WireGuard works on more platforms. While both protocols are decent, if you want security, privacy, and speed simultaneously, we recommend choosing WireGuard.

Related articles

Connection Best cheap VPNs: too good to be true?

Oct 11, 2022

·

10 min read

Connection How to use a VPN

Apr 16, 2022

·

14 min read

Pros and cons of SSTP

Here are some pros and cons of SSTP:

Pros

• Almost as secure as OpenVPN. SSTP uses SSL and encloses data packets over HTTPS.
• Difficult to block due to TCP port 443 usage. SSTP can effectively bypass firewalls.
• Easy to use and configure. SSTP is easier to set up than OpenVPN.

Cons

• Closed source. SSTP is not open source, so it is not possible to check if it contains hidden surprises like backdoors.
• Owned by Microsoft. Microsoft’s ties to the NSA lead to speculation that SSTP may have backdoors or other security loopholes.
• Limited availability. It is only available for Windows.
• TCP meltdown issues. Two TCP connections contained within each other can cause connectivity issues.
• Supports user authentication only. This issue can limit the usage of SSTP.
• Slowness. Robust encryption makes the algorithm slow.

What is an SSTP VPN?

An SSTP VPN is an SSTP connection offered by a VPN provider. Usually, you can choose this option in your VPN client’s interface. However, it is best to use a VPN that offers multiple protocols to choose from.