{"id":7520,"date":"2022-05-05T12:24:37","date_gmt":"2022-05-05T09:24:37","guid":{"rendered":"https:\/\/vasexperts.com\/?p=7520"},"modified":"2025-08-12T14:49:52","modified_gmt":"2025-08-12T11:49:52","slug":"from-tcp-to-quic","status":"publish","type":"post","link":"https:\/\/vasexperts.com\/fr\/blog\/functionality\/from-tcp-to-quic\/","title":{"rendered":"Passage de TCP \u00e0 QUIC. Signatures Stingray SG"},"content":{"rendered":"Dans le processus de normalisation par l\u2019organisation IEFT, QUIC a \u00e9t\u00e9 divis\u00e9 en protocoles de transport et HTTP. Avec l\u2019aide du QUIC de transport, non seulement les donn\u00e9es HTTP sont transmises, mais aussi d\u2019autres, ce d\u00e9veloppement est r\u00e9alis\u00e9 par QUIC Working Group.\r\n\r\nQUIC implique un cryptage du trafic obligatoire : pour ce faire, il utilise TLS 1.3 pour d\u00e9finir les cl\u00e9s de session, puis crypter chaque paquet. Mais comme il est bas\u00e9 sur UDP, une grande partie des informations de session et des m\u00e9tadonn\u00e9es ouvertes sur TCP sont crypt\u00e9es dans QUIC.\r\n\r\n<noscript><img decoding=\"async\" src=\"\/wp-content\/uploads\/2022\/05\/quic-tcp-udp.png\" alt=\"quic, tcp, udp\" width=\"100%\" height=\"auto\" class=\"alignnone size-full wp-image-7525\" srcset=\"\/wp-content\/uploads\/2022\/05\/quic-tcp-udp.png 1592w, \/wp-content\/uploads\/2022\/05\/quic-tcp-udp-300x77.png 300w, \/wp-content\/uploads\/2022\/05\/quic-tcp-udp-1024x264.png 1024w, \/wp-content\/uploads\/2022\/05\/quic-tcp-udp-768x198.png 768w, \/wp-content\/uploads\/2022\/05\/quic-tcp-udp-1536x397.png 1536w\" sizes=\"(max-width: 1592px) 100vw, 1592px\"><\/noscript><img decoding=\"async\" src=\"\/wp-content\/uploads\/2022\/05\/quic-tcp-udp.png\" alt=\"quic, tcp, udp\" width=\"100%\" height=\"auto\" class=\"alignnone size-full wp-image-7525 lazyload\" sizes=\"(max-width: 1592px) 100vw, 1592px\" data-src=\"\/wp-content\/uploads\/2022\/05\/quic-tcp-udp.png\" data-srcset=\"\/wp-content\/uploads\/2022\/05\/quic-tcp-udp.png 1592w, \/wp-content\/uploads\/2022\/05\/quic-tcp-udp-300x77.png 300w, \/wp-content\/uploads\/2022\/05\/quic-tcp-udp-1024x264.png 1024w, \/wp-content\/uploads\/2022\/05\/quic-tcp-udp-768x198.png 768w, \/wp-content\/uploads\/2022\/05\/quic-tcp-udp-1536x397.png 1536w\">\r\n\r\n<h2>Comment Stingray SG g\u00e8re le QUIC<\/h2>\r\nAvant l\u2019av\u00e8nement du QUIC, la d\u00e9tection des connexions HTTPS chiffr\u00e9es se faisait en tenant compte du SNI (Server Name Indication), qui \u00e9tait transmis en clair lorsque le client contactait le serveur.\r\n\r\nLa norme QUIC de l\u2019IETF introduit le cryptage SNI, ce qui complique la d\u00e9tection de l\u2019h\u00f4te auquel la connexion est effectu\u00e9e. Depuis Stingray SG 11.2, le d\u00e9cryptage SNI est devenu disponible lors de l\u2019\u00e9tablissement d\u2019une connexion \u00e0 l\u2019aide du protocole QUIC IETF. Cette fonctionnalit\u00e9 a permis de d\u00e9composer les connexions IETF QUIC en signatures distinctes dont le transport est QUIC.\r\n\r\n<noscript><img decoding=\"async\" src=\"\/wp-content\/uploads\/2022\/05\/common-channel-traffic-allocation.png\" alt=\"common channel traffic allocation\" width=\"100%\" height=\"auto\" class=\"alignnone size-full wp-image-7526\" srcset=\"\/wp-content\/uploads\/2022\/05\/common-channel-traffic-allocation.png 1247w, \/wp-content\/uploads\/2022\/05\/common-channel-traffic-allocation-300x185.png 300w, \/wp-content\/uploads\/2022\/05\/common-channel-traffic-allocation-1024x632.png 1024w, \/wp-content\/uploads\/2022\/05\/common-channel-traffic-allocation-768x474.png 768w\" sizes=\"(max-width: 1247px) 100vw, 1247px\"><\/noscript><img decoding=\"async\" src=\"\/wp-content\/uploads\/2022\/05\/common-channel-traffic-allocation.png\" alt=\"common channel traffic allocation\" width=\"100%\" height=\"auto\" class=\"alignnone size-full wp-image-7526 lazyload\" sizes=\"(max-width: 1247px) 100vw, 1247px\" data-src=\"\/wp-content\/uploads\/2022\/05\/common-channel-traffic-allocation.png\" data-srcset=\"\/wp-content\/uploads\/2022\/05\/common-channel-traffic-allocation.png 1247w, \/wp-content\/uploads\/2022\/05\/common-channel-traffic-allocation-300x185.png 300w, \/wp-content\/uploads\/2022\/05\/common-channel-traffic-allocation-1024x632.png 1024w, \/wp-content\/uploads\/2022\/05\/common-channel-traffic-allocation-768x474.png 768w\">\r\n\r\nNous voyons que les protocoles HTTP\/HTTPS et QUIC\/QUIC IETF sont dans le canal commun. Cela nous indique qu\u2019il y a une transition en douceur vers les nouvelles normes. La s\u00e9lection des applications bas\u00e9es sur ces protocoles est effectu\u00e9e par le nom de domaine des h\u00f4tes sur lesquels le contenu est h\u00e9berg\u00e9, par exemple, YOUTUBE, TWITTER, FACEBOOK, INSTAGRAM.\r\n\r\n<h2>Signatures Stingray SG<\/h2>\r\nLes signatures sont des mod\u00e8les de recherche de trafic charg\u00e9s dans le moteur DPI. Ils sont utilis\u00e9s pour scanner en permanence tous les paquets IP afin de d\u00e9terminer l\u2019appartenance de Flow (IPscr:port \u2013 IPdst:port) \u00e0 une application\/protocole\/signature particuli\u00e8re.\r\n\r\nLes signatures en Stingray SG sont divis\u00e9es en deux groupes:\r\n\r\n<ol>\r\n\t<li>G\u00e9n\u00e9rales<\/li>\r\n\t<li>Personnalis\u00e9s ou Programmables.<\/li>\r\n<\/ol>\r\n\r\n<h3>Signatures g\u00e9n\u00e9rales<\/h3>\r\nAjout\u00e9es et modifi\u00e9es uniquement par les d\u00e9veloppeurs de VAS Experts. Sont charg\u00e9s dans Stingray SG lors de la mise \u00e0 niveau de la version du logiciel Stingray SG.\r\n\r\n<h3>Signatures personnalis\u00e9es<\/h3>\r\nAjout\u00e9 par l\u2019utilisateur via l\u2019interface graphique Stingray SG en utilisant le compte personnel de VAS Cloud.\r\n\r\n<noscript><img decoding=\"async\" src=\"\/wp-content\/uploads\/2022\/05\/vas-cloud.png\" alt=\"vas cloud\" width=\"100%\" height=\"auto\" class=\"alignnone size-full wp-image-7527\" srcset=\"\/wp-content\/uploads\/2022\/05\/vas-cloud.png 1914w, \/wp-content\/uploads\/2022\/05\/vas-cloud-300x111.png 300w, \/wp-content\/uploads\/2022\/05\/vas-cloud-1024x379.png 1024w, \/wp-content\/uploads\/2022\/05\/vas-cloud-768x284.png 768w, \/wp-content\/uploads\/2022\/05\/vas-cloud-1536x569.png 1536w\" sizes=\"(max-width: 1914px) 100vw, 1914px\"><\/noscript><img decoding=\"async\" src=\"\/wp-content\/uploads\/2022\/05\/vas-cloud.png\" alt=\"vas cloud\" width=\"100%\" height=\"auto\" class=\"alignnone size-full wp-image-7527 lazyload\" sizes=\"(max-width: 1914px) 100vw, 1914px\" data-src=\"\/wp-content\/uploads\/2022\/05\/vas-cloud.png\" data-srcset=\"\/wp-content\/uploads\/2022\/05\/vas-cloud.png 1914w, \/wp-content\/uploads\/2022\/05\/vas-cloud-300x111.png 300w, \/wp-content\/uploads\/2022\/05\/vas-cloud-1024x379.png 1024w, \/wp-content\/uploads\/2022\/05\/vas-cloud-768x284.png 768w, \/wp-content\/uploads\/2022\/05\/vas-cloud-1536x569.png 1536w\">\r\n\r\nLa signature personnalis\u00e9e est d\u00e9termin\u00e9e par l\u2019IP ou le nom de domaine d\u2019h\u00f4te (SNI) avec lequel l\u2019utilisateur interagit. Tous les Flow avec ces param\u00e8tres sont marqu\u00e9s de la signature correspondante, qui peut ensuite \u00eatre affect\u00e9e \u00e0 l\u2019une des huit classes de maintien de l\u2019ordre, ignor\u00e9e sans traitement ou bloqu\u00e9e.\r\n\r\n[subscription id=\u00a0\u00bb11987\u2033]Abonnez-vous \u00e0 notre newsletter et restez inform\u00e9 des derniers d\u00e9veloppements et offres sp\u00e9ciales.[\/subscription]","protected":false},"excerpt":{"rendered":"<p>Bref sur le QUIC: QUIC est un protocole de communication de transport qui est consid\u00e9r\u00e9 comme un remplacement de TCP en raison d&rsquo;une plus grande fiabilit\u00e9, s\u00e9curit\u00e9 et latence r\u00e9duite et qui fonctionne sur UDP. Cette technologie a \u00e9t\u00e9 cr\u00e9\u00e9e par les d\u00e9veloppeurs de Google et l&rsquo;appelait \u00e0 l&rsquo;origine \u00ab HTTP\/2-encrypted-over-UDP \u00bb.<\/p>\n","protected":false},"author":7,"featured_media":7524,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[55],"tags":[],"class_list":["post-7520","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-functionality"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>(English) VASExperts<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/vasexperts.com\/blog\/functionality\/from-tcp-to-quic\/\",\"url\":\"https:\/\/vasexperts.com\/blog\/functionality\/from-tcp-to-quic\/\",\"name\":\"[:en]From TCP to QUIC. Stingray SG Signatures \u2014 VAS Experts Blog[:es]Transici\u00f3n de TCP a QUIC. Firmas Stingray SG \u2014 VAS Experts Blog[:fr]Passage de TCP \u00e0 QUIC. Signatures Stingray SG \u2014 VAS Experts Blog[:br]Do TCP ao QUIC. Assinaturas do Stingray SG \u2014 Blog de VAS Experts\",\"isPartOf\":{\"@id\":\"https:\/\/vasexperts.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/vasexperts.com\/blog\/functionality\/from-tcp-to-quic\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/vasexperts.com\/blog\/functionality\/from-tcp-to-quic\/#primaryimage\"},\"thumbnailUrl\":\"\/wp-content\/uploads\/2022\/05\/quic-signature.jpg\",\"datePublished\":\"2022-05-05T09:24:37+00:00\",\"dateModified\":\"2025-08-12T11:49:52+00:00\",\"author\":{\"@id\":\"https:\/\/vasexperts.com\/#\/schema\/person\/f4edcaef26fe49b6b59baf8ac5b62170\"},\"description\":\"[:en]QUIC implies mandatory encryption of traffic: to do this, it uses TLS 1.3 to set session keys, and then encrypt each package.[:es]QUIC implica encriptaci\u00f3n de tr\u00e1fico obligatoria: para esto, utiliza TLS 1.3 para establecer claves de sesi\u00f3n y luego encripta cada paquete.[:fr]QUIC implique un cryptage du trafic obligatoire : pour ce faire, il utilise TLS 1.3 pour d\u00e9finir les cl\u00e9s de session, puis crypter chaque paquet.[:br]O QUIC implica a criptografia obrigat\u00f3ria do tr\u00e1fego: para isso, ele usa o TLS 1.3 para definir as chaves de sess\u00e3o e, em seguida, criptografar cada pacote\",\"breadcrumb\":{\"@id\":\"https:\/\/vasexperts.com\/blog\/functionality\/from-tcp-to-quic\/#breadcrumb\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/vasexperts.com\/blog\/functionality\/from-tcp-to-quic\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\/\/vasexperts.com\/blog\/functionality\/from-tcp-to-quic\/#primaryimage\",\"url\":\"\/wp-content\/uploads\/2022\/05\/quic-signature.jpg\",\"contentUrl\":\"\/wp-content\/uploads\/2022\/05\/quic-signature.jpg\",\"width\":1740,\"height\":1080,\"caption\":\"quic-signature\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/vasexperts.com\/blog\/functionality\/from-tcp-to-quic\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u0413\u043b\u0430\u0432\u043d\u0430\u044f \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430\",\"item\":\"https:\/\/vasexperts.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"From TCP to QUIC. Stingray SG Signatures\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/vasexperts.com\/#website\",\"url\":\"https:\/\/vasexperts.com\/\",\"name\":\"ITGLOBAL.COM\",\"description\":\"(English) VASExperts\",\"inLanguage\":\"fr-FR\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/vasexperts.com\/#\/schema\/person\/f4edcaef26fe49b6b59baf8ac5b62170\",\"name\":\"Elena Rudich\",\"url\":\"https:\/\/vasexperts.com\/fr\/blog\/author\/elena-rudich\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"(English) VASExperts","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/vasexperts.com\/blog\/functionality\/from-tcp-to-quic\/","url":"https:\/\/vasexperts.com\/blog\/functionality\/from-tcp-to-quic\/","name":"[:en]From TCP to QUIC. Stingray SG Signatures \u2014 VAS Experts Blog[:es]Transici\u00f3n de TCP a QUIC. Firmas Stingray SG \u2014 VAS Experts Blog[:fr]Passage de TCP \u00e0 QUIC. Signatures Stingray SG \u2014 VAS Experts Blog[:br]Do TCP ao QUIC. Assinaturas do Stingray SG \u2014 Blog de VAS Experts","isPartOf":{"@id":"https:\/\/vasexperts.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/vasexperts.com\/blog\/functionality\/from-tcp-to-quic\/#primaryimage"},"image":{"@id":"https:\/\/vasexperts.com\/blog\/functionality\/from-tcp-to-quic\/#primaryimage"},"thumbnailUrl":"\/wp-content\/uploads\/2022\/05\/quic-signature.jpg","datePublished":"2022-05-05T09:24:37+00:00","dateModified":"2025-08-12T11:49:52+00:00","author":{"@id":"https:\/\/vasexperts.com\/#\/schema\/person\/f4edcaef26fe49b6b59baf8ac5b62170"},"description":"[:en]QUIC implies mandatory encryption of traffic: to do this, it uses TLS 1.3 to set session keys, and then encrypt each package.[:es]QUIC implica encriptaci\u00f3n de tr\u00e1fico obligatoria: para esto, utiliza TLS 1.3 para establecer claves de sesi\u00f3n y luego encripta cada paquete.[:fr]QUIC implique un cryptage du trafic obligatoire : pour ce faire, il utilise TLS 1.3 pour d\u00e9finir les cl\u00e9s de session, puis crypter chaque paquet.[:br]O QUIC implica a criptografia obrigat\u00f3ria do tr\u00e1fego: para isso, ele usa o TLS 1.3 para definir as chaves de sess\u00e3o e, em seguida, criptografar cada pacote","breadcrumb":{"@id":"https:\/\/vasexperts.com\/blog\/functionality\/from-tcp-to-quic\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/vasexperts.com\/blog\/functionality\/from-tcp-to-quic\/"]}]},{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/vasexperts.com\/blog\/functionality\/from-tcp-to-quic\/#primaryimage","url":"\/wp-content\/uploads\/2022\/05\/quic-signature.jpg","contentUrl":"\/wp-content\/uploads\/2022\/05\/quic-signature.jpg","width":1740,"height":1080,"caption":"quic-signature"},{"@type":"BreadcrumbList","@id":"https:\/\/vasexperts.com\/blog\/functionality\/from-tcp-to-quic\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u0413\u043b\u0430\u0432\u043d\u0430\u044f \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430","item":"https:\/\/vasexperts.com\/"},{"@type":"ListItem","position":2,"name":"From TCP to QUIC. Stingray SG Signatures"}]},{"@type":"WebSite","@id":"https:\/\/vasexperts.com\/#website","url":"https:\/\/vasexperts.com\/","name":"ITGLOBAL.COM","description":"(English) VASExperts","inLanguage":"fr-FR"},{"@type":"Person","@id":"https:\/\/vasexperts.com\/#\/schema\/person\/f4edcaef26fe49b6b59baf8ac5b62170","name":"Elena Rudich","url":"https:\/\/vasexperts.com\/fr\/blog\/author\/elena-rudich\/"}]}},"_links":{"self":[{"href":"https:\/\/vasexperts.com\/fr\/wp-json\/wp\/v2\/posts\/7520"}],"collection":[{"href":"https:\/\/vasexperts.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/vasexperts.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/vasexperts.com\/fr\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/vasexperts.com\/fr\/wp-json\/wp\/v2\/comments?post=7520"}],"version-history":[{"count":10,"href":"https:\/\/vasexperts.com\/fr\/wp-json\/wp\/v2\/posts\/7520\/revisions"}],"predecessor-version":[{"id":12953,"href":"https:\/\/vasexperts.com\/fr\/wp-json\/wp\/v2\/posts\/7520\/revisions\/12953"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/vasexperts.com\/fr\/wp-json\/wp\/v2\/media\/7524"}],"wp:attachment":[{"href":"https:\/\/vasexperts.com\/fr\/wp-json\/wp\/v2\/media?parent=7520"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/vasexperts.com\/fr\/wp-json\/wp\/v2\/categories?post=7520"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/vasexperts.com\/fr\/wp-json\/wp\/v2\/tags?post=7520"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}