how to disable SRTP

Alexander Abagian

Mar 1, 2019, 12:00:38 PM
to mozilla-...@lists.mozilla.org
Hi,

I know that Firefox does not have such a useful thing as -disable-webrtc-encryption. Could somebody recommend a way to modify Firefox sources to build a custom build with SRTP off? Best of all if DTLS would stay on but SRTP does not encrypt RTP. I need to investigate H.264 in Wireshark.

The way to make a text RTP log and converting it to pcap seems to be too annoying.

Nils Ohlmeier

Mar 1, 2019, 3:23:22 PM
to Alexander Abagian, mozilla-...@lists.mozilla.org
Hi Alexander,

> On 1Mar, 2019, at 09:00, Alexander Abagian <aaba...@gmail.com> wrote:
> I know that Firefox does not have such a useful thing as -disable-webrtc-encryption. Could somebody recommend a way to modify Firefox sources to build a custom build with SRTP off? Best of all if DTLS would stay on but SRTP does not encrypt RTP. I need to investigate H.264 in Wireshark.
>
> The way to make a text RTP log and converting it to pcap seems to be too annoying.

I see this as a user security vs. developer convenience trade-off. How often do you as a developer need to have network packets in the clear?
I would assume you are debugging one problem for a couple of days or weeks. And then you don’t need that feature for a long time any more.
Whereas having the code ready in the build product to disable encryption is an additional risk for the user to be abused.

And why would you want DTLS with SRTP disabled?
It’s only needed to negotiate the keys for SRTP and for continuously protecting the data channel.

Best regards
Nils Ohlmeier

Martin Thomson

Mar 1, 2019, 4:22:50 PM
to Nils Ohlmeier, Alexander Abagian, mozilla-...@lists.mozilla.org
SSLKEYLOGFILE integration with SRTP might be a better long-term solution here.
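The SSLKEYLOGFILE suggestion above works because DTLS-SRTP derives the SRTP master keys from the DTLS master secret through the RFC 5705 exporter (label and split order from RFC 5764). The following is an added example, not part of the thread and not Firefox code, that performs that derivation from an NSS-format key log line. It assumes DTLS 1.2 with a SHA-256 PRF cipher suite, the SRTP_AES128_CM_HMAC_SHA1_80 profile, a server random read from the capture, and constructed sample values.

```python
import hashlib
import hmac

# Assumptions (not from the thread): DTLS 1.2 with a SHA-256 PRF cipher suite,
# SRTP profile SRTP_AES128_CM_HMAC_SHA1_80 (16-byte key, 14-byte salt).
LABEL = b"EXTRACTOR-dtls_srtp"   # exporter label defined in RFC 5764
KEY_LEN, SALT_LEN = 16, 14

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 P_hash expansion (RFC 5246, section 5) using HMAC-SHA256."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()          # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def parse_keylog(text: str) -> dict:
    """Map client_random -> master_secret from NSS key log CLIENT_RANDOM lines."""
    secrets = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] == "CLIENT_RANDOM":
            secrets[bytes.fromhex(parts[1])] = bytes.fromhex(parts[2])
    return secrets

def srtp_keys(master_secret: bytes, client_random: bytes, server_random: bytes) -> dict:
    """RFC 5705 exporter without context, split as RFC 5764 section 4.2 specifies."""
    if len(master_secret) != 48 or len(client_random) != 32 or len(server_random) != 32:
        raise ValueError("unexpected secret or random length")
    km = p_sha256(master_secret, LABEL + client_random + server_random,
                  2 * (KEY_LEN + SALT_LEN))
    k, s = KEY_LEN, SALT_LEN
    return {
        "client_key": km[:k],
        "server_key": km[k:2 * k],
        "client_salt": km[2 * k:2 * k + s],
        "server_salt": km[2 * k + s:],
    }

# Constructed sample values, not taken from any real session.
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
KEYLOG = "# constructed sample\nCLIENT_RANDOM %s %s\n" % (CLIENT_RANDOM.hex(), (b"\x11" * 48).hex())

if __name__ == "__main__":
    master = parse_keylog(KEYLOG)[CLIENT_RANDOM]
    for name, value in srtp_keys(master, CLIENT_RANDOM, SERVER_RANDOM).items():
        print(name, value.hex())
```

The client-side key and salt protect packets sent by the DTLS client, the server-side pair those sent by the DTLS server, so which peer took which DTLS role has to be read from the handshake in the capture.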

Alexander Abagian

Mar 4, 2019, 10:38:04 AM
to mozilla-...@lists.mozilla.org
Hi Nils,

Actually, I need it quite often.

Our server works with different client types, as an SFU or a mixing MCU, and the guys every day modify something there. Usually a "no video" issue arises, and I have to guess if they have "improved" some feature, or it's a new browser fix or bug. I'd like to see real packet mode and codec profile in the traffic, and contents of the RTCP packets, which are often encrypted too, to be sure the problem is not there.

I don't think that Firefox Developer being started with a command line flag would have a big security impact. Especially if it is a special custom build.


On Friday, March 1, 2019 at 11:23:22 PM UTC+3, Nils Ohlmeier wrote:
> Hi Alexander,
>

Alexander Abagian

Mar 4, 2019, 10:41:22 AM
to mozilla-...@lists.mozilla.org
DTLS - for testing purposes, it'll be better if the server and the client use the same code blocks as usual.