Catapult Hydra protocol uses standard, proven TLS-based security based on NIST recommendations to establish secure client-server connections and encrypt the payload.
Handshake is a standard TLS (Transport Layer Security) 1.2 only, no protocol downgrade allowed. It uses RSA certificates with 2048 bit key for server authentication and Elliptic Curve Diffie-Hellman algorithm (ECDHE) for Ephemeral Key Exchange. Ephemeral in this case means that encryption keys are generated for every new user's session and erased from memory when the session is over.
Catapult Hydra security code is evaluated by 3rd party security experts from more than 60% of the world’s largest security companies that use our SDK to provide VPN services to their users. The uniqueness of the protocol that gives it a large performance advantage is how the payload is delivered inside the secured tunnels between the client and the server.
AnchorFree has filed multiple patents to protect this protocol and continues working on its further improvement. The performance acceleration algorithms and the related code are independent of the security code that establishes and maintains the tunnels and can be used with other VPN security protocols, such as IPSEC.
NOTE: Catapult Hydra is not related to Slick VPN’s Hydra protocol.