Chrome not selecting DTLS crypto suite with WebRTC


roxlu

Jul 14, 2016, 6:38:56 AM
to discuss-webrtc

I'm working on an ice-lite implementation with the goal of accepting a video stream from Chrome in my app. Chrome sends the STUN binding request. I reply with a success binding response (with xor-mapped-address, user, message-integrity and fingerprint). Next, Chrome sends the DTLS Client Hello. My server replies with Server Hello and the DTLS handshake takes place.


After that I would expect to receive SRTP data, but in the Chrome logs I see "[10993:33351:0714/114441:ERROR:channel.cc(878)] No DTLS-SRTP selected crypto suite". I'm trying to figure out why no crypto suite is selected or if there is another reason why Chrome doesn't send me the SRTP data. My server is using the mbedtls library, which logs: "selected ciphersuite: TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA". When I inspect the data stream with Wireshark I see that this cipher suite is indeed selected.


I have attached the logs I got from Chrome, my application log which shows the DTLS handshake debug info and a wireshark capture. 

I've also posted the logs here: https://gist.github.com/roxlu/9d39b04b0265e0e0d7f88b046937af5b 

The snippet below shows that Chrome successfully finishes the DTLS handshake but doesn't select a cipher.


Any ideas what may cause this?


Offer SDP

v=0
o=- 6195478708531201266 2 IN IP4 127.0.0.1
s=-
t=0 0
a=group:BUNDLE video
a=msid-semantic: WMS k8HEhcMzaglIhEaDEifgtuxd8dTuIePIWUZn
m=video 9 UDP/TLS/RTP/SAVPF 100 101 116 117 96 97 98
c=IN IP4 0.0.0.0
a=rtcp:9 IN IP4 0.0.0.0
a=ice-ufrag:XzNwtWq+lo4BD3xN
a=ice-pwd:LHDTiPDKrFQ4YGuwSNoLyPcq
a=fingerprint:sha-256 BC:68:85:7B:C6:E0:27:41:A7:F3:08:E2:07:4A:A7:3D:7B:ED:D3:34:B0:25:07:5F:C0:E3:49:E9:A2:DE:D3:A7
a=setup:actpass
a=mid:video
a=extmap:2 urn:ietf:params:rtp-hdrext:toffset
a=extmap:3 http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time
a=extmap:4 urn:3gpp:video-orientation
a=sendrecv
a=rtcp-mux
a=rtcp-rsize
a=rtpmap:100 VP8/90000
a=rtcp-fb:100 ccm fir
a=rtcp-fb:100 nack
a=rtcp-fb:100 nack pli
a=rtcp-fb:100 goog-remb
a=rtcp-fb:100 transport-cc
a=rtpmap:101 VP9/90000
a=rtcp-fb:101 ccm fir
a=rtcp-fb:101 nack
a=rtcp-fb:101 nack pli
a=rtcp-fb:101 goog-remb
a=rtcp-fb:101 transport-cc
a=rtpmap:116 red/90000
a=rtpmap:117 ulpfec/90000
a=rtpmap:96 rtx/90000
a=fmtp:96 apt=100
a=rtpmap:97 rtx/90000
a=fmtp:97 apt=101
a=rtpmap:98 rtx/90000
a=fmtp:98 apt=116
a=ssrc-group:FID 1846702105 4183400515
a=ssrc:1846702105 cname:7soPuec+ZSfzuvPe
a=ssrc:1846702105 msid:k8HEhcMzaglIhEaDEifgtuxd8dTuIePIWUZn c031c7c1-0d9e-4f5b-890a-75643f20b574
a=ssrc:1846702105 mslabel:k8HEhcMzaglIhEaDEifgtuxd8dTuIePIWUZn
a=ssrc:1846702105 label:c031c7c1-0d9e-4f5b-890a-75643f20b574
a=ssrc:4183400515 cname:7soPuec+ZSfzuvPe
a=ssrc:4183400515 msid:k8HEhcMzaglIhEaDEifgtuxd8dTuIePIWUZn c031c7c1-0d9e-4f5b-890a-75643f20b574
a=ssrc:4183400515 mslabel:k8HEhcMzaglIhEaDEifgtuxd8dTuIePIWUZn
a=ssrc:4183400515 label:c031c7c1-0d9e-4f5b-890a-75643f20b574


Answer SDP

v=0
o=- 580993745296277 580993745298280 IN IP4 127.0.0.1
s=roxlu
t=0 0
a=ice-lite
m=video 1234 RTP/SAVPF 100
c=IN IP4 192.168.191.2
a=recvonly
a=rtcp-mux
a=connection:new
a=setup:passive
a=fingerprint:sha-256 33:F8:B2:65:F2:F1:F6:75:09:3A:EE:1F:29:4C:43:E7:0B:78:65:38:10:F5:EE:AC:79:99:92:C7:4B:AB:B5:F3
a=ice-ufrag:nxZq
a=ice-pwd:CIY+DNYVMizHXRYUvRtFY1
a=rtpmap:100 VP8/90000
a=rtcp-fb:100 ccm fir
a=rtcp-fb:100 nack
a=rtcp-fb:100 nack pli
a=rtcp-fb:100 goog-remb
a=candidate:1 1 udp 2113929471 192.168.191.2 1234 typ host


Snippet from Chrome log: 

[10993:33351:0714/114441:VERBOSE1:opensslstreamadapter.cc(687)] OpenSSLStreamAdapter::OnEvent SE_READ
[10993:33351:0714/114441:VERBOSE1:opensslstreamadapter.cc(799)] ContinueSSL
[10993:33351:0714/114441:VERBOSE1:opensslstreamadapter.cc(822)]  -- error want read
[10993:33351:0714/114441:VERBOSE1:opensslstreamadapter.cc(687)] OpenSSLStreamAdapter::OnEvent SE_READ
[10993:33351:0714/114441:VERBOSE1:opensslstreamadapter.cc(799)] ContinueSSL
[10993:33351:0714/114441:VERBOSE1:opensslstreamadapter.cc(822)]  -- error want read
[10993:33351:0714/114441:VERBOSE1:opensslstreamadapter.cc(687)] OpenSSLStreamAdapter::OnEvent SE_READ
[10993:33351:0714/114441:VERBOSE1:opensslstreamadapter.cc(799)] ContinueSSL
[10993:33351:0714/114441:VERBOSE1:opensslstreamadapter.cc(822)]  -- error want read
[10993:33351:0714/114441:VERBOSE1:opensslstreamadapter.cc(687)] OpenSSLStreamAdapter::OnEvent SE_READ
[10993:33351:0714/114441:VERBOSE1:opensslstreamadapter.cc(799)] ContinueSSL
[10993:33351:0714/114441:VERBOSE1:opensslstreamadapter.cc(809)]  -- success
[10993:33351:0714/114441:INFO:dtlstransportchannel.cc(541)] Jingle:Channel[video|1|__]: DTLS handshake complete.
[10993:33351:0714/114441:VERBOSE1:transportchannel.cc(51)] Jingle:Channel[video|1|__]: set_dtls_state from:1 to 2
[10993:33351:0714/114441:VERBOSE1:transportchannel.cc(38)] Jingle:Channel[video|1|__]: set_writable from:0 to 1
[10993:33351:0714/114441:VERBOSE1:webrtcvideoengine2.cc(1420)] OnReadyToSend: Ready.
[10993:33351:0714/114441:INFO:call.cc(620)] UpdateAggregateNetworkState: aggregate_state=up
[10993:33351:0714/114441:INFO:transportcontroller.cc(516)] video TransportChannel 1 writability changed to 1.
[10993:33351:0714/114441:INFO:channel.cc(817)] Channel writable (video) for the first time
[10993:33547:0714/114441:INFO:webrtcsession.cc(1535)] Changing to ICE completed state because all transports are complete.
[10993:33547:0714/114441:INFO:webrtcsession.cc(1466)] Changing IceConnectionState 1 => 2
[10993:33547:0714/114441:INFO:webrtcsession.cc(1466)] Changing IceConnectionState 2 => 3
[10993:33351:0714/114441:INFO:channel.cc(825)] Using Cand[:3875882298:1:udp:1853759231:192.168.191.x:1234:prflx:192.168.191.2:55686:sWJ3tuybH/Fm00jx:VHFN45dTj401A+f7dMI8vxPO:4:0]->Cand[:1:1:udp:2113929471:192.168.191.x:1234:local::0:nxZq:CIY+DNYVMizHXRYUvRtFY1:0:0]
[10993:33351:0714/114441:ERROR:channel.cc(878)] No DTLS-SRTP selected crypto suite


Thanks

chrome_log.txt
application_log.txt
chrome_dtls_handshake_done_not_starting_srtp.pcapng

Taylor Brandstetter

Jul 14, 2016, 1:19:53 PM
to discuss...@googlegroups.com
It looks like the server hello doesn't include the use_srtp extension. This is what decides the DTLS-SRTP crypto suite.

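A way to check a captured ServerHello for the extension named in the reply above (added example, not code from this thread, Chrome or mbedtls). It assumes one unfragmented handshake message per DTLS record; the sample records are constructed, with cipher suite value 0xC014 standing for TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, and all function names are hypothetical.

```python
import struct

USE_SRTP = 14  # use_srtp extension type (RFC 5764)
PROFILES = {0x0001: "SRTP_AES128_CM_HMAC_SHA1_80",
            0x0002: "SRTP_AES128_CM_HMAC_SHA1_32"}

def server_hello_extensions(record: bytes) -> dict:
    """Map extension type -> data for one unfragmented DTLS ServerHello record."""
    ctype, _version, _epoch_seq, rec_len = struct.unpack("!BH8sH", record[:13])
    body = record[13:13 + rec_len]
    if ctype != 22 or len(body) != rec_len or body[:1] != b"\x02":
        raise ValueError("not a complete DTLS ServerHello record")
    # fragment_offset must be 0 and fragment_length must equal the message length
    if body[6:9] != b"\x00\x00\x00" or body[9:12] != body[1:4]:
        raise ValueError("fragmented handshake message; reassemble first")
    hello = body[12:12 + int.from_bytes(body[1:4], "big")]
    pos = 34 + 1 + hello[34]          # server_version, random, session_id
    pos += 2 + 1                      # cipher_suite + compression_method
    exts = {}
    if pos == len(hello):             # the extensions block is optional
        return exts
    end = pos + 2 + int.from_bytes(hello[pos:pos + 2], "big")
    pos += 2
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
        exts[etype] = hello[pos + 4:pos + 4 + elen]
        pos += 4 + elen
    return exts

def selected_srtp_profile(record: bytes):
    """Name of the SRTP profile the server chose, or None if use_srtp is absent."""
    data = server_hello_extensions(record).get(USE_SRTP)
    if data is None:
        return None                   # the case Chrome logged as "No DTLS-SRTP selected crypto suite"
    if int.from_bytes(data[:2], "big") != 2:
        raise ValueError("ServerHello must select exactly one profile")
    profile = int.from_bytes(data[2:4], "big")
    return PROFILES.get(profile, hex(profile))

def build_server_hello(extensions: bytes) -> bytes:
    """Constructed sample: DTLS 1.2 ServerHello, suite 0xC014, zeroed random."""
    hello = b"\xfe\xfd" + bytes(32) + b"\x00" + b"\xc0\x14" + b"\x00"
    hello += struct.pack("!H", len(extensions)) + extensions
    n = len(hello).to_bytes(3, "big")
    hs = b"\x02" + n + b"\x00\x00" + b"\x00\x00\x00" + n + hello
    return struct.pack("!BH8sH", 22, 0xFEFD, bytes(8), len(hs)) + hs

RENEG = struct.pack("!HHB", 0xFF01, 1, 0)            # renegotiation_info, empty
SRTP = struct.pack("!HHHHB", USE_SRTP, 5, 2, 1, 0)   # one profile, empty MKI
```

The cipher suite in the ServerHello only protects the DTLS channel itself; the SRTP profile is negotiated separately through this extension, so a handshake can complete with a valid suite and still leave SRTP unkeyed.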

roxlu

Jul 14, 2016, 3:12:02 PM
to discuss-webrtc
Thanks, that was indeed the issue! I was trying to use mbedtls, which doesn't support the use_srtp extension yet.



On Thursday, July 14, 2016 at 19:19:53 UTC+2, Taylor Brandstetter wrote:

Yusuf Siddiqui

Sep 18, 2018, 1:38:02 PM
to discuss-webrtc
Hi,
It's late, but this is a very important hint. May I know where we can find the use_srtp extension? Kindly guide.

Thanks in advance.

Regards
Yusuf

Mohd Yusuf Siddiqui

Sep 18, 2018, 1:48:33 PM
to discuss-webrtc
I was able to find it, thanks for the keyword hint.
