[erlang-questions] use_srtp extension for DTLS

Ben Browitt ben.browitt@REDACTED
Mon Oct 8 13:08:45 CEST 2018


What about being able to handle DTLS, SRTP and STUN packets on the same UDP
socket?
It would be best if I could create a UDP socket in my app, filter packets
and pass only DTLS packets to the ssl socket/process.
Without this, DTLS in the ssl app can't be used for WebRTC connections.
Is this also planned?

On Mon, Oct 8, 2018 at 1:48 PM Andreas Schultz <
andreas.schultz@REDACTED> wrote:

> Hi Ingela,
>
> Ingela Andin <ingela.andin@REDACTED> wrote on Mon, 8 Oct 2018 at
> 12:27:
>
>> Hi!
>>
>> Sorry for the late answer. Yes, there are plans to include it. The extension is
>> also part of TLS-1.3, which has priority over DTLS at the moment. We have
>> already done
>>
>
> Can't speak for others, but I would prefer if DTLS-1.3 were given the same
> priority as TLS-1.3.
>
> Regards
> Andreas
>
>> some internal changes to extension handling to facilitate the
>> implementation of TLS-1.3 and its co-existing with previous versions. This
>> is in first hand planned for OTP-22.
>>
>> Regards Ingela Erlang/OTP Team - Ericsson AB
>>
>>
>> On Mon, 8 Oct 2018 at 06:58, Ben Browitt <ben.browitt@REDACTED> wrote:
>>
>>> USE_SRTP is defined in dtls_handshake.hrl [1] but it says it's not
>>> supported.
>>> Are there plans to support it?
>>>
>>> [1]
>>> https://github.com/erlang/otp/blob/master/lib/ssl/src/dtls_handshake.hrl#L64
>>>
>>> On Mon, Oct 1, 2018 at 11:27 AM Ben Browitt <ben.browitt@REDACTED>
>>> wrote:
>>>
>>>> DTLS is missing the use_srtp extension required for DTLS-SRTP [1].
>>>> What's the best way to add it?
>>>>
>>>> We need to encode the extension in ssl_handshake.erl
>>>> encode_hello_extensions([use_srtp | Rest], Acc) ->
>>>>     ExtData = <<0,2,0,1,0>>,
>>>>     Len = byte_size(ExtData),
>>>>     encode_hello_extensions(Rest, <<?UINT16(?USE_SRTP_EXT), ?UINT16(Len), ExtData/binary, Acc/binary>>).
>>>>
>>>> https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_handshake.erl#L657
>>>>
>>>> Define USE_SRTP_EXT in ssl_handshake.hrl
>>>> -define(USE_SRTP_EXT, 14).
>>>>
>>>> Add use_srtp to the hello_extensions record:
>>>>
>>>> https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_handshake.hrl#L100
>>>>
>>>> Add use_srtp to hello_extensions_list
>>>>
>>>> https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_handshake.erl#L1826
>>>>
>>>> Add use_srtp to client_hello_extensions
>>>>
>>>> https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_handshake.erl#L968
>>>>
>>>> Add use_srtp to the #ssl_options record
>>>>
>>>> https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_internal.hrl#L111
>>>>
>>>> [1] https://tools.ietf.org/html/rfc5764#section-4.1
>>>>
>>>> Thanks
>>>>
>>> _______________________________________________
>>> erlang-questions mailing list
>>> erlang-questions@REDACTED
>>> http://erlang.org/mailman/listinfo/erlang-questions
>>>
>>
> --
> Dipl.-Inform. Andreas Schultz
>
> ----------------------- enabling your networks ----------------------
> Travelping GmbH                     Phone:  +49-391-81 90 99 0
> Roentgenstr. 13                     Fax:    +49-391-81 90 99 299
> 39108 Magdeburg                     Email:  info@REDACTED
> GERMANY                             Web:    http://www.travelping.com
>
> Company Registration: Amtsgericht Stendal        Reg No.:   HRB 10578
> Geschaeftsfuehrer: Holger Winkelmann          VAT ID No.: DE236673780
> ---------------------------------------------------------------------
>
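
The packet filtering asked about in the top message of this thread, as an added example that is not from the thread or from OTP: one process owns the UDP socket and routes each datagram by its first byte, using the ranges in RFC 5764 section 5.1.2. The module name `udp_demux`, the handler map and the message shape are assumptions; passing DTLS datagrams into the ssl application is the open question in the thread, so the handlers here are plain pids.

```erlang
-module(udp_demux).
-export([start/2, classify/1, route/3, selftest/0]).

%% Added example, not OTP code. First-byte ranges are those of
%% RFC 5764 section 5.1.2 for STUN, DTLS and (S)RTP on one socket.
-spec classify(binary()) -> stun | dtls | rtp | unknown.
classify(<<B, _/binary>>) when B =:= 0; B =:= 1 -> stun;
classify(<<B, _/binary>>) when B >= 20, B =< 63 -> dtls;
classify(<<B, _/binary>>) when B >= 128, B =< 191 -> rtp;  % SRTP or SRTCP
classify(_) -> unknown.                                     % empty or out of range

%% Handlers is an assumed map such as #{stun => P1, dtls => P2, rtp => P3}.
%% The {Class, Peer, Packet} message shape is also an assumption.
route(Peer, Packet, Handlers) ->
    Class = classify(Packet),
    case maps:find(Class, Handlers) of
        {ok, Pid} -> Pid ! {Class, Peer, Packet}, Class;
        error -> dropped                       % no handler: discard the datagram
    end.

%% Opens the shared socket and runs the receive loop in the calling process.
start(Port, Handlers) ->
    {ok, Socket} = gen_udp:open(Port, [binary, {active, false}]),
    loop(Socket, Handlers).

loop(Socket, Handlers) ->
    ok = inet:setopts(Socket, [{active, once}]),   % one datagram at a time
    receive
        {udp, Socket, Ip, PeerPort, Packet} ->
            route({Ip, PeerPort}, Packet, Handlers),
            loop(Socket, Handlers);
        stop ->
            gen_udp:close(Socket)
    end.

%% Constructed sample datagrams; only the leading bytes matter here.
selftest() ->
    stun = classify(<<0, 1, 0, 0>>),      % STUN Binding Request
    dtls = classify(<<22, 254, 253>>),    % DTLS 1.2 handshake record, first bytes
    rtp = classify(<<16#80, 96>>),        % RTP version 2, payload type 96
    unknown = classify(<<>>),
    unknown = classify(<<64>>),
    dtls = route({{127,0,0,1}, 5000}, <<22, 254, 253>>, #{dtls => self()}),
    dropped = route({{127,0,0,1}, 5000}, <<16#80, 96>>, #{dtls => self()}),
    ok.
```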