[erlang-questions] use_srtp extension for DTLS

Ingela Andin ingela.andin@REDACTED
Mon Oct 8 12:26:42 CEST 2018


Hi!

Sorry for the late answer. Yes, there are plans to include it. The extension is
also part of TLS-1.3, which has priority over DTLS at the moment. We have
already done some internal changes to extension handling to facilitate the
implementation of TLS-1.3 and its co-existence with previous versions. This
is primarily planned for OTP-22.

Regards Ingela Erlang/OTP Team - Ericsson AB

On Mon, 8 Oct 2018 at 06:58, Ben Browitt <ben.browitt@REDACTED> wrote:

> USE_SRTP is defined in dtls_handshake.hrl [1] but it says it's not
> supported.
> Are there plans to support it?
>
> [1]
> https://github.com/erlang/otp/blob/master/lib/ssl/src/dtls_handshake.hrl#L64
>
> On Mon, Oct 1, 2018 at 11:27 AM Ben Browitt <ben.browitt@REDACTED> wrote:
>
>> DTLS is missing the use_srtp extension required for DTLS-SRTP [1].
>> What's the best way to add it?
>>
>> We need to encode the extension in ssl_handshake.erl
>> encode_hello_extensions([use_srtp | Rest], Acc) ->
>>     ExtData = <<0,2,0,1,0>>,
>>     Len = byte_size(ExtData),
>>     encode_hello_extensions(Rest, <<?UINT16(?USE_SRTP_EXT), ?UINT16(Len),
>> ExtData/binary, Acc/binary>>).
>>
>> https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_handshake.erl#L657
>>
>> Define USE_SRTP_EXT in ssl_handshake.hrl
>> -define(USE_SRTP_EXT, 14).
>>
>> Add use_srtp to the hello_extensions record:
>>
>> https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_handshake.hrl#L100
>>
>> Add use_srtp to hello_extensions_list
>>
>> https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_handshake.erl#L1826
>>
>> Add use_srtp to client_hello_extensions
>>
>> https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_handshake.erl#L968
>>
>> Add use_srtp to the #ssl_options record
>>
>> https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_internal.hrl#L111
>>
>> [1] https://tools.ietf.org/html/rfc5764#section-4.1
>>
>> Thanks
>>
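The use_srtp extension layout from RFC 5764 section 4.1 that this thread discusses, as an added example that is not part of the original messages and is not OTP code: it encodes the extension, parses it with strict length checks, and picks the single profile a server may answer with. The module and function names are hypothetical; the sample bytes are constructed.

```erlang
%% Added example, not OTP code: module and function names are hypothetical.
-module(use_srtp_example).
-export([encode/2, decode/1, select/2, demo/0]).

-define(USE_SRTP_EXT, 14).   % extension type, as defined in the post above

%% Build the full extension: type, length, then UseSRTPData
%% (uint16 profile-list length, 2-byte profile ids, uint8 MKI length, MKI).
encode(Profiles, MKI) when Profiles =/= [], byte_size(MKI) =< 255 ->
    List = << <<P:16>> || P <- Profiles >>,
    Data = <<(byte_size(List)):16, List/binary, (byte_size(MKI)):8, MKI/binary>>,
    <<?USE_SRTP_EXT:16, (byte_size(Data)):16, Data/binary>>.

%% Parse extension_data (the bytes after type and length). The match only
%% succeeds when both length fields account for every byte, so truncated
%% input and trailing garbage are rejected rather than ignored.
decode(<<PLen:16, List:PLen/binary, MLen:8, MKI:MLen/binary>>)
  when PLen >= 2, PLen rem 2 =:= 0 ->
    {ok, [P || <<P:16>> <= List], MKI};
decode(_) ->
    {error, malformed_use_srtp}.

%% Server side: answer with exactly one profile the client offered, in
%% local preference order; with no overlap the extension is not returned.
select(Offered, Preferred) ->
    case [P || P <- Preferred, lists:member(P, Offered)] of
        [Best | _] -> {ok, Best};
        []         -> no_use_srtp
    end.

demo() ->
    %% Constructed sample: one profile (0x0001), empty MKI.
    <<0,14,0,5,0,2,0,1,0>> = encode([1], <<>>),
    {ok, [1], <<>>} = decode(<<0,2,0,1,0>>),
    {error, malformed_use_srtp} = decode(<<0,3,0,1,0,0>>),   % odd list length
    {error, malformed_use_srtp} = decode(<<0,2,0,1,0,255>>), % trailing byte
    {error, malformed_use_srtp} = decode(<<0,4,0,1,0>>),     % truncated list
    {ok, 1} = select([2, 1], [1, 2]),
    no_use_srtp = select([5], [1, 2]),
    ok.
```

Calling `use_srtp_example:demo()` returns `ok` when every match holds; the first assertion reproduces the `<<0,2,0,1,0>>` extension data from the quoted post.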