PSA: A break in compatibility when using GCM crypto suites
285 views
Skip to first unread message
Peter Thatcher
Mar 15, 2017, 11:47:14 AM3/15/17
to discuss-webrtc
If you didn't enable GCM crypto suites , you can stop reading this message.
In case you're wondering where GCM mode is enabled, it's via PeerConnectionFactoryInterface::SetOptions with options.crypto_options.enable_gcm_crypto_suites = true. Again, it's off by default, so it's unlikely that you have it enabled and this probably doesn't affect you.
Chen Cong
Jul 10, 2017, 2:48:14 AM7/10/17
to discuss-webrtc
Hi,
How can I enable GCM in the web by using js api?
在 2017年3月15日星期三 UTC+8下午11:47:14,Peter Thatcher写道:
在 2017年3月15日星期三 UTC+8下午11:47:14,Peter Thatcher写道:
Cong Chen
Jul 10, 2017, 3:03:23 AM7/10/17
to discuss-webrtc
Hi,
How can I enable GCM crypto in the web by using js api?
jba...@webrtc.org
Jul 11, 2017, 3:05:29 AM7/11/17
to discuss-webrtc
There is no API to control this from JavaScript, but you can enable it through "chrome://flags" ("Negotiation with GCM cipher suites for SRTP in WebRTC").
Making this the default is tracked by https://crbug.com/713701
Message has been deleted
Jose Antonio Olivera Ortega
Dec 12, 2017, 1:50:04 PM12/12/17
to discuss-webrtc
Hi there!
Quick question about enabling GCM crypto suites. I am enabling GCM crypto suites (new clients M61, no old ones involved) for a quick test and I see in the stats this: `googComponent.srtpCipher=AEAD_AES_256_GCM`. The thing that I am only enabling GCM crypto suites *for only one side*. According to https://chromium.googlesource.com/external/webrtc/+/branch-heads/61/webrtc/rtc_base/sslstreamadapter.h#78 _"GCM will only be used if both sides enable it"_. That puzzles me a bit because I was assuming to see something like `googComponent.srtpCipher=AES_CM_128_HMAC_SHA1_80`. Could guys tell me how this is even possible?
Cheers,
jaoo
Quick question about enabling GCM crypto suites. I am enabling GCM crypto suites (new clients M61, no old ones involved) for a quick test and I see in the stats this: `googComponent.srtpCipher=AEAD_AES_256_GCM`. The thing that I am only enabling GCM crypto suites *for only one side*. According to https://chromium.googlesource.com/external/webrtc/+/branch-heads/61/webrtc/rtc_base/sslstreamadapter.h#78 _"GCM will only be used if both sides enable it"_. That puzzles me a bit because I was assuming to see something like `googComponent.srtpCipher=AES_CM_128_HMAC_SHA1_80`. Could guys tell me how this is even possible?
Cheers,
jaoo
Warren McDonald
Dec 13, 2017, 4:54:21 PM12/13/17
to discuss-webrtc
I think the negotiation logic was to use GCM if the offer contained and both sides supported it. You can safely ask for GCM and still negotiate and get non GCM with peers that don't support it.
Jose Antonio Olivera Ortega
Dec 14, 2017, 11:19:51 AM12/14/17
to discuss-webrtc
Thanks! I figured it out that what I was seeing was because a SFU was involved in my test.
Reply all
Reply to author
Forward
0 new messages