Secure Socket Tunneling Protocol (SSTP) is a proprietary standard owned by Microsoft. This means that the code is not open to public scrutiny, and Microsoft’s history of co-operating with the NSA, and ongoing speculation about possible backdoors built into the Windows operating system, do not inspire my trust and confidence in the standard.
Secure Socket Tunneling Protocol (SSTP) is a tunnelling protocol that uses the HTTPS protocol over TCP port 443 to pass traffic through firewalls and Web proxies that might block PPTP and L2TP/IPsec traffic. SSTP provides a mechanism to encapsulate PPP traffic over the Secure Sockets Layer (SSL/TLS v3) channel of the HTTPS protocol. The use of PPP data frames allows support for strong authentication methods, such as EAP-TLS. SSL/TLS provides transport-level security with enhanced key negotiation, encryption, and integrity checking.
When a client tries to establish an SSTP-based VPN connection, SSTP first establishes a bidirectional HTTPS layer with the SSTP server. Over this HTTPS layer, the protocol packets flow as the data payload.
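The framing described above, as an added example that is not part of the original article: a Python parser that splits the byte stream carried inside the HTTPS layer into SSTP control and data packets and names the PPP protocol in each data packet. The header layout and message-type values come from the published MS-SSTP specification rather than from this page; the sample bytes are constructed, and PPP frames are assumed to use an uncompressed two-byte protocol field.

```python
import struct

# Constants from the published MS-SSTP specification (not from this page).
SSTP_VERSION = 0x10
CONTROL_TYPES = {1: "CALL_CONNECT_REQUEST", 2: "CALL_CONNECT_ACK",
                 3: "CALL_CONNECT_NAK", 4: "CALL_CONNECTED", 5: "CALL_ABORT",
                 6: "CALL_DISCONNECT", 7: "CALL_DISCONNECT_ACK",
                 8: "ECHO_REQUEST", 9: "ECHO_RESPONSE"}
PPP_PROTOCOLS = {0xC021: "LCP", 0xC227: "EAP", 0x8021: "IPCP", 0x0021: "IPv4"}

# Constructed sample: one control packet, one data packet carrying an LCP
# Configure-Request, then the first 6 bytes of a 16-byte data packet.
SAMPLE = bytes.fromhex("1001000e00010001000100060001"
                       "1000000cff03c02101010004" "10000010ff03")


def parse_sstp_stream(buf):
    """Split a decrypted HTTPS payload into SSTP packets.

    Returns (packets, leftover); leftover holds a trailing partial packet.
    Raises ValueError on a bad version or an impossible length field.
    """
    packets, off = [], 0
    while len(buf) - off >= 4:
        version, flags, length = struct.unpack_from("!BBH", buf, off)
        length &= 0x0FFF                      # top 4 bits are reserved
        if version != SSTP_VERSION:
            raise ValueError(f"unexpected SSTP version {version:#x} at {off}")
        if length < 4:
            raise ValueError(f"length {length} shorter than header at {off}")
        if off + length > len(buf):
            break                             # wait for more TLS records
        body = buf[off + 4:off + length]
        if flags & 0x01:                      # C bit set: control packet
            if len(body) < 4:
                raise ValueError(f"truncated control packet at {off}")
            msg_type, n_attrs = struct.unpack_from("!HH", body)
            name = CONTROL_TYPES.get(msg_type, hex(msg_type))
            packets.append(("control", name, n_attrs))
        else:                                 # data packet: body is a PPP frame
            ppp = body[2:] if body[:2] == b"\xff\x03" else body
            if len(ppp) < 2:
                raise ValueError(f"data packet without PPP protocol at {off}")
            proto = int.from_bytes(ppp[:2], "big")
            packets.append(("data", PPP_PROTOCOLS.get(proto, hex(proto)), len(ppp)))
        off += length
    return packets, buf[off:]
```

The parser only sees these packets after TLS has been terminated; on the wire an SSTP session is indistinguishable from other HTTPS traffic on TCP port 443 without inspecting the decrypted stream.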