DTLS Handshake Failure (Unable to connect to Kurento via WebRTC)

1,098 views
Skip to first unread message

cliffor...@gmail.com

unread,
Sep 6, 2016, 10:24:39 PM9/6/16
to kurento
Recently WebRTC connectivity in Chrome seems to have broken, the result is that ICE candidates seem unable to connect. I'm finding the following in the Chrome debug logs:

[37556:7759:0906/220131:ERROR:dtlstransportchannel.cc(507)] Jingle:Channel[audio|1|__]: Received non-DTLS packet before DTLS complete.

[37556:7759:0906/220131:ERROR:dtlstransportchannel.cc(507)] Jingle:Channel[audio|1|__]: Received non-DTLS packet before DTLS complete.


And the Ice State remains forever in "Checking".


I did a capture in WireShark and see the DTLS handshake failing pretty much as soon as it gets started (immediately after the DTLSv1.0 Client Hello). See the attached screenshot for more details about the UDP stream for the selected candidate pair.



About 1 month ago this was working fine, and suddenly it has broken, I'm fairly certain this is not a change on our end causing the issue.


I also reported a bug about this same issue on Android happening with updated libjingle libraries about 8 weeks back. It seems to now be present in the current version of Chrome. For reference: https://github.com/Kurento/bugtracker/issues/95 (details about our KMS version etc present at this issue).


Any thoughts?

Ivan Gracia

unread,
Sep 7, 2016, 3:24:38 AM9/7/16
to Kurento Public
What's your OpenSSL version? Have a look at this post, just in case.

Ivan Gracia



--
You received this message because you are subscribed to the Google Groups "kurento" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kurento+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

cliffor...@gmail.com

unread,
Sep 7, 2016, 10:37:02 PM9/7/16
to kurento

OpenSSL 1.0.1f 6 Jan 2014


Which according to the thread you linked is too old. Probably safe to assume that will fix the issue bother here and on Android. I'll apply updates and test tomorrow. Thanks for you feedback, and sorry I didn't find that thread myself prior to posting.


Ivan Gracia



To unsubscribe from this group and stop receiving emails from it, send an email to kurento+u...@googlegroups.com.

Ivan Gracia

unread,
Sep 8, 2016, 3:41:48 AM9/8/16
to Kurento Public
No worries! Please do post back with your findings.

Ivan Gracia



To unsubscribe from this group and stop receiving emails from it, send an email to kurento+unsubscribe@googlegroups.com.

cliffor...@gmail.com

unread,
Sep 8, 2016, 8:20:19 PM9/8/16
to kurento
Yeah, confirmed this resolves the issues with Chrome.

I'm going to update my build environment and produce a new set of libjingle libraries to test on Android over the weekend as well, error is incredibly similar so I suspect it will be resolved there too.

Tarun Maheshwari

unread,
Jul 10, 2017, 5:45:49 AM7/10/17
to kurento, cliffor...@gmail.com
Hi,

I am running kurento hello world program with docker running on kurento media server version 6.5.0
Here Server is trying to initiate DTLS message "Client Hello". But this message is not reaching to the chrome browser.
I checked the wireshark logs at browser machine. Here no DTLS "Client Hello" is reaching to browser.
My openssl in docker image is OpenSSL 1.0.1e-fips( inside docker)
Will updating openssl to 1.02 (or latest available) and Kurento media server to 6.6.1 will solve this DTLS handshare issue?
Please help me to solve this issue.

Thanks,
Tarun

Tarun Maheshwari

unread,
Jul 11, 2017, 6:27:52 AM7/11/17
to kur...@googlegroups.com
Hi,

I m now moved to KMS 6.6.1 (on docker) and open SSL version is below:
OpenSSL 1.0.1f 6 Jan 2014 (Library: OpenSSL 1.0.2g-fips  1 Mar 2016)

Here with helloworld program, I m finding webrtc loopback is not suceeding for all time.
On average out of 5 time, 1 time loopback connection is suceeding.

I observed 2 things:
One is below error message comes while restarting server.
service kurento-media-server-6.0 start
/etc/init.d/kurento-media-server-6.0: 20: ulimit: error setting limit (Operation not permitted)
 * Starting Kurento Media Server

Other is DTLS handshake is not sucessful when call(loopback hello world) is not established sucessfully.

Please help me to know why most of time loopback connection of hello world program is not suceeding on docker KMS.

--
You received this message because you are subscribed to a topic in the Google Groups "kurento" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/kurento/O-sFquUtLEc/unsubscribe.
To unsubscribe from this group and all its topics, send an email to kurento+unsubscribe@googlegroups.com.
To post to this group, send email to kur...@googlegroups.com.
Visit this group at https://groups.google.com/group/kurento.
To view this discussion on the web visit https://groups.google.com/d/msgid/kurento/84698417-62b7-4efa-b461-5f5b3b9fed63%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.



--
With Regards,
Tarun Maheshwari
09591732547

vijay krishna

unread,
Jan 9, 2018, 7:19:28 AM1/9/18
to kurento
Hey Tarun,

What browser are you using? I am facing similar issue in edge.
To unsubscribe from this group and all its topics, send an email to kurento+u...@googlegroups.com.

To post to this group, send email to kur...@googlegroups.com.
Visit this group at https://groups.google.com/group/kurento.
To view this discussion on the web visit https://groups.google.com/d/msgid/kurento/84698417-62b7-4efa-b461-5f5b3b9fed63%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages