Stream not received if DtlsSrtpKeyAgreement true and DTLS enabled in native receiver

anil2...@gmail.com

Sep 30, 2017, 11:51:56 AM
to discuss-webrtc
Hi,
   We are using a WebRTC native C++ receiver and a Chrome extension as the sender, which sends the stream.

  We are facing a situation wherein the receiver is not able to receive the stream from the Chrome extension.

  At the receiver we are getting the following logs:

   (openssladapter.cc:800): SSL_connect:SSLv3 write client hello A
(openssladapter.cc:800): SSL_connect:SSLv3 flush data
(openssladapter.cc:800): SSL_connect:DTLS1 read hello verify request A
(openssladapter.cc:810): SSL_connect:error in DTLS1 read hello verify request A
(dtlstransportchannel.cc:583): Jingle:DtlsTransport[audio|1|__]: DtlsTransport: Started DTLS handshake
(srtpfilter.cc:436): SRTP reset to init state
(srtpfilter.cc:436): SRTP reset to init state
(openssladapter.cc:800): SSL_connect:SSLv3 read server hello A
(openssladapter.cc:803): SSL3 alert write:fatal:unexpected_message
(openssladapter.cc:810): SSL_connect:error in SSLv3 read server hello A
(opensslstreamadapter.cc:884): OpenSSLStreamAdapter::Error(ContinueSSL, 1, 0)
(opensslstreamadapter.cc:894): Cleanup
(dtlstransportchannel.cc:561): Jingle:DtlsTransport[audio|1|__]: DTLS transport error, code=1
:
:
(video_receive_stream.cc:485): No decodable frame in 3000 ms, requesting keyframe.
(rtcp_sender.cc:717): Can't send rtcp if it is disabled.

From the log it looks like SSL is failing.
It works fine if DTLS is disabled when creating the peerconnection at the native receiver and DtlsSrtpKeyAgreement is set to false at Chrome.

It would be a great help if someone can give pointers for this issue.

I request the WebRTC community to answer the following questions:

(1) What is the role of the DtlsSrtpKeyAgreement flag? Does it control enabling and disabling of DTLS and TLS security in WebRTC?
(2) If we use DtlsSrtpKeyAgreement: false at the Chrome extension, will it make WebRTC insecure?

Thanks,
Anil
Taylor Brandstetter

Sep 30, 2017, 5:04:48 PM
to discuss-webrtc
> (1) What is the role of the DtlsSrtpKeyAgreement flag? Does it control enabling and disabling of DTLS and TLS security in WebRTC?

Yes. If it's false, SDES is used instead of DTLS. Which you should note will not be supported forever; JSEP specifically disallows it.

> (2) If we use DtlsSrtpKeyAgreement: false at the Chrome extension, will it make WebRTC insecure?

No; as long as the SDP (with SDES keying information) is transmitted over a secure signaling channel, the media is secure. But there's still a risk that the SDP could be leaked by the application unintentionally, which is why (or at least one reason why) the standards group decided to require DTLS instead. It places the responsibility for security entirely on the webrtc implementation.

Looking at a packet capture and seeing if there's anything unusual in the DTLS handshake (compared to a successful case) may help figure this out. If that doesn't reveal anything obvious, you could use a debugger to step into the boringssl code and see the source of the error.

I don't know why this would happen if you're using vanilla webrtc on both sides, though. Is the native application possibly using an old version of webrtc?


anil2...@gmail.com

Oct 1, 2017, 10:17:21 AM
to discuss-webrtc
> The native application is using a 6-month-old version of webrtc.
> I will look into the code as you suggested.
   I would like to share some more information on the scenario in which this issue occurs.
   When our signaling server is hosted on the same machine as the receiver, there is no issue, i.e. DTLS enabled works fine.
   However, in case we host the signaling server on a Linux machine outside of the intranet, then only the DTLS-enabled case does not work.
   We will look more into the scenario and will share the observations.

Thank you for your quick response.

Anil

anil2...@gmail.com

Mar 5, 2018, 6:19:39 AM
to discuss-webrtc
Hi, 
  We are facing an issue with some clients not being able to share a stream whenever one of the clients is native C++ and the other is the Chrome browser.
I doubt we are not properly enabling DTLS-SRTP.
In native C++ we enable DTLS as follows:

  webrtc::PeerConnectionInterface::RTCConfiguration config;
  webrtc::FakeConstraints constraints;
  // Ask for DTLS-SRTP key agreement through an optional constraint.
  constraints.AddOptional(webrtc::MediaConstraintsInterface::kEnableDtlsSrtp,
                          "true");

  CreatePeerConnection(config, &constraints, NULL, NULL, this);

At Chrome we just provide:

  var pcOptions = {
      optional: [
          {DtlsSrtpKeyAgreement: true}
      ]
  };
  var pc_config = {
      "iceServers": []
  };

  var peer = new RTCPeerConnection(pc_config, pcOptions);

Is this enough to enable DTLS-SRTP?
Don't we require rtc::RTCCertificateGeneratorInterface support in C++, and
similar support on the Chrome side?

Thanks,
Anil

Harald Alvestrand

Mar 5, 2018, 6:56:18 AM
to WebRTC-discuss
Note that both sides either have to use DtlsSrtpKeyAgreement = false or DtlsSrtpKeyAgreement = (not set or true).
If one side uses DtlsSrtpKeyAgreement = false and the other uses DtlsSrtpKeyAgreement = true (or doesn't set the argument), negotiation will fail.

BTW: Setting DtlsSrtpKeyAgreement: true does nothing, and should be omitted. It is the default.



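The two replies above turn on which keying method each side puts in its SDP: DTLS-SRTP is advertised with a=fingerprint lines, SDES with a=crypto lines. The following is an added example, not code from the thread or from the WebRTC project, that classifies each media section and lists the sections where an offer and an answer advertise different keying. The function names and the sample SDP fragments are constructed for illustration.

```javascript
// Classify SRTP keying per m= section of an SDP description.
// a=fingerprint (RFC 8122) => DTLS-SRTP; a=crypto (RFC 4568) => SDES.
function keyingBySection(sdp) {
  const lines = sdp.split(/\r?\n/).filter(Boolean);
  const firstMedia = lines.findIndex((l) => l.startsWith('m='));
  const session = firstMedia < 0 ? lines : lines.slice(0, firstMedia);
  // A session-level fingerprint applies to every media section.
  const sessionFp = session.some((l) => l.startsWith('a=fingerprint:'));
  const sections = [];
  for (const line of firstMedia < 0 ? [] : lines.slice(firstMedia)) {
    if (line.startsWith('m=')) {
      sections.push({ kind: line.slice(2).split(' ')[0], dtls: sessionFp, sdes: false });
    } else if (line.startsWith('a=fingerprint:')) {
      sections[sections.length - 1].dtls = true;
    } else if (line.startsWith('a=crypto:')) {
      sections[sections.length - 1].sdes = true;
    }
  }
  return sections.map((s) => ({
    kind: s.kind,
    keying: s.dtls && s.sdes ? 'both' : s.dtls ? 'dtls-srtp' : s.sdes ? 'sdes' : 'none',
  }));
}

// List media sections where offer and answer advertise different keying.
function keyingDifferences(offerSdp, answerSdp) {
  const answer = keyingBySection(answerSdp);
  return keyingBySection(offerSdp)
    .map((o, i) => ({ kind: o.kind, offer: o.keying, answer: answer[i] ? answer[i].keying : 'missing' }))
    .filter((r) => r.offer !== r.answer);
}

// Constructed sample SDP fragments; fingerprint and key values are placeholders.
const DTLS_OFFER = [
  'v=0', 'o=- 1 2 IN IP4 127.0.0.1', 's=-', 't=0 0',
  'm=audio 9 UDP/TLS/RTP/SAVPF 111',
  'a=fingerprint:sha-256 <PLACEHOLDER-FINGERPRINT>', 'a=setup:actpass',
  'm=video 9 UDP/TLS/RTP/SAVPF 96',
  'a=fingerprint:sha-256 <PLACEHOLDER-FINGERPRINT>', 'a=setup:actpass',
].join('\r\n');
const SDES_ANSWER = [
  'v=0', 'o=- 3 4 IN IP4 127.0.0.1', 's=-', 't=0 0',
  'm=audio 9 RTP/SAVPF 111',
  'a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:<PLACEHOLDER-KEY>',
  'm=video 9 RTP/SAVPF 96',
  'a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:<PLACEHOLDER-KEY>',
].join('\r\n');

console.log(keyingDifferences(DTLS_OFFER, SDES_ANSWER));
```

Running it against the descriptions actually exchanged by the two peers shows whether an SDES-keyed description is being paired with a DTLS-keyed one.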

anil2...@gmail.com

Mar 5, 2018, 7:50:14 AM
to discuss-webrtc
We are maintaining the same thing on both sides.

It always works when DtlsSrtpKeyAgreement=false on both sides.

However, it does not always work when DtlsSrtpKeyAgreement=true on both sides.



