[erlang-questions] use_srtp extension for DTLS
Andreas Schultz
andreas.schultz@REDACTED
Mon Oct 8 14:30:10 CEST 2018
Ben Browitt <ben.browitt@REDACTED> wrote on Mon, 8 Oct 2018 at 13:54:
> Andreas, any chance for a simple code showing how to handle SRTP/STUN/DTLS
> with client and server?
>
No, sorry. I don't even have the time to convert my own code to the new
DTLS module, let alone to work on something else.
Andreas
> On Mon, Oct 8, 2018 at 2:49 PM Andreas Schultz <andreas.schultz@REDACTED> wrote:
>
>> Loïc Hoguin <essen@REDACTED> wrote on Mon, 8 Oct 2018 at 13:39:
>>
>>> This seems to be a similar issue to the one I have about tunneling TLS
>>> connections through TLS proxies (particularly the HTTP/2 case), although
>>> my proposed solution would probably not work in your case:
>>> https://bugs.erlang.org/browse/ERL-728
>>
>>
>> You can already use the cb_info option with a custom transport module to
>> build that.
>>
>> In theory, the SRTP and STUN over DTLS use case should be doable with
>> that as well.
>> Ingela recently fixed a few things in the DTLS module [1] to
>> make this work.
>>
>> I always meant to port my CAPWAP DTLS use case to this, but haven't gotten
>> the time to actually do it.
>>
>> Andreas
>>
>> [1]:
>> https://github.com/erlang/otp/commit/72aaa1bb0cd2352fc8708a1a89b44e5791f49356
>>
>>
>>>
>>> Perhaps we need some kind of socket-less ssl connection process that we
>>> feed directly and that sends us back whatever encrypted data needs to be
>>> sent.
>>>
>>> On 10/8/18 1:08 PM, Ben Browitt wrote:
>>> > What about being able to handle DTLS, SRTP and STUN packets on the same
>>> > UDP socket?
>>> > It will be best if I could create a UDP socket in my app, filter packets
>>> > and pass only DTLS packets to the ssl socket/process.
>>> > Without this, DTLS in the ssl app can't be used for WebRTC connections.
>>> > Is this also planned?
>>> >
>>> > On Mon, Oct 8, 2018 at 1:48 PM Andreas Schultz
>>> > <andreas.schultz@REDACTED> wrote:
>>> >
>>> > Hi Ingela,
>>> >
>>> > Ingela Andin <ingela.andin@REDACTED> wrote on Mon, 8 Oct 2018 at 12:27:
>>> >
>>> > Hi!
>>> >
>>> > Sorry for the late answer. Yes, there are plans to include it. The
>>> > extension is also part of TLS-1.3 that has priority over DTLS at
>>> > the moment. We have already done
>>> >
>>> >
>>> > Can't speak for others, but I would prefer if DTLS-1.3 were given
>>> > the same priority as TLS-1.3.
>>> >
>>> > Regards
>>> > Andreas
>>> >
>>> > some internal changes to extension handling to facilitate the
>>> > implementation of TLS-1.3 and its co-existing with previous
>>> > versions. This is in first hand planned for OTP-22.
>>> >
>>> > Regards Ingela Erlang/OTP Team - Ericsson AB
>>> >
>>> >
>>> > On Mon, 8 Oct 2018 at 06:58, Ben Browitt
>>> > <ben.browitt@REDACTED> wrote:
>>> >
>>> > USE_SRTP is defined in dtls_handshake.hrl [1] but it says
>>> > it's not supported.
>>> > Are there plans to support it?
>>> >
>>> > [1] https://github.com/erlang/otp/blob/master/lib/ssl/src/dtls_handshake.hrl#L64
>>> >
>>> > On Mon, Oct 1, 2018 at 11:27 AM Ben Browitt
>>> > <ben.browitt@REDACTED> wrote:
>>> >
>>> > DTLS is missing the use_srtp extension required for
>>> > DTLS-SRTP [1].
>>> > What's the best way to add it?
>>> >
>>> > We need to encode the extension in ssl_handshake.erl:
>>> >
>>> >     encode_hello_extensions([use_srtp | Rest], Acc) ->
>>> >         ExtData = <<0,2,0,1,0>>,
>>> >         Len = byte_size(ExtData),
>>> >         encode_hello_extensions(Rest,
>>> >             <<?UINT16(?USE_SRTP_EXT), ?UINT16(Len), ExtData/binary,
>>> >               Acc/binary>>).
>>> >
>>> > https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_handshake.erl#L657
>>> >
>>> > Define USE_SRTP_EXT in ssl_handshake.hrl:
>>> >
>>> >     -define(USE_SRTP_EXT, 14).
>>> >
>>> > Add use_srtp to the hello_extensions record:
>>> > https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_handshake.hrl#L100
>>> >
>>> > Add use_srtp to hello_extensions_list:
>>> > https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_handshake.erl#L1826
>>> >
>>> > Add use_srtp to client_hello_extensions:
>>> > https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_handshake.erl#L968
>>> >
>>> > Add use_srtp to the #ssl_options record:
>>> > https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_internal.hrl#L111
>>> >
>>> > [1] https://tools.ietf.org/html/rfc5764#section-4.1
>>> >
>>> > Thanks
>>> >
>>> > _______________________________________________
>>> > erlang-questions mailing list
>>> > erlang-questions@REDACTED
>>> > http://erlang.org/mailman/listinfo/erlang-questions
>>> >
>>> > --
>>> > Dipl.-Inform. Andreas Schultz
>>> >
>>> > ----------------------- enabling your networks ----------------------
>>> > Travelping GmbH        Phone: +49-391-81 90 99 0
>>> > Roentgenstr. 13        Fax:   +49-391-81 90 99 299
>>> > 39108 Magdeburg        Email: info@REDACTED
>>> > GERMANY                Web:   http://www.travelping.com
>>> >
>>> > Company Registration: Amtsgericht Stendal    Reg No.: HRB 10578
>>> > Managing Director: Holger Winkelmann         VAT ID No.: DE236673780
>>> > ---------------------------------------------------------------------
>>> >
>>>
>>> --
>>> Loïc Hoguin
>>> https://ninenines.eu
>>>
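
The packet filtering asked about in the thread (one UDP socket carrying STUN, DTLS and SRTP) can be done on the first byte of each datagram, using the ranges from RFC 5764, section 5.1.2. This is an added example, not code from the thread or from the OTP ssl application; the module name, route/2 and the handler map are hypothetical, and how the DTLS side receives its packets is left open.

```erlang
%% Added example: first-byte demultiplexing per RFC 5764, section 5.1.2.
%% Module name, route/2 and the handler map are hypothetical.
-module(udp_demux).
-export([classify/1, route/2, selftest/0]).

-spec classify(binary()) -> stun | dtls | rtp | unknown.
classify(<<B, _/binary>>) when B =< 3             -> stun;
classify(<<B, _/binary>>) when B >= 20, B =< 63   -> dtls;
classify(<<B, _/binary>>) when B >= 128, B =< 191 -> rtp;  % RTP/RTCP and SRTP/SRTCP
classify(_) -> unknown.                                    % includes empty datagrams

%% Handlers maps a packet kind to a pid, e.g. #{dtls => DtlsPid}.
%% Anything unclassified or without a handler is dropped, never
%% forwarded to the DTLS side by default.
-spec route(binary(), #{atom() => pid()}) -> {routed | dropped, atom()}.
route(Packet, Handlers) ->
    Kind = classify(Packet),
    case maps:find(Kind, Handlers) of
        {ok, Pid} when Kind =/= unknown ->
            Pid ! {Kind, Packet},
            {routed, Kind};
        _ ->
            {dropped, Kind}
    end.

selftest() ->
    %% Constructed sample datagrams; only the leading bytes are realistic.
    Stun = <<0,1, 0,0, 16#21,16#12,16#A4,16#42>>,  % Binding request, magic cookie
    Dtls = <<22, 254,253, 0,0>>,                   % handshake record, DTLS 1.2
    Rtp  = <<128, 96, 0,1>>,                       % version 2 RTP header start
    stun = classify(Stun),
    dtls = classify(Dtls),
    rtp  = classify(Rtp),
    unknown = classify(<<64, 0>>),
    unknown = classify(<<>>),
    {routed, dtls} = route(Dtls, #{dtls => self()}),
    ok = receive {dtls, Dtls} -> ok after 0 -> no_delivery end,
    {dropped, rtp} = route(Rtp, #{dtls => self()}),
    ok.
```

Calling udp_demux:selftest() returns ok when every classification and routing decision matches.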
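
The hard-coded ExtData in the original post is one instance of the UseSRTPData structure from RFC 5764, section 4.1.1. The following added example (not code from the thread or from OTP; module and function names are hypothetical) generalises it to any profile list and MKI, and adds the strict decoding and server-response checks a client needs: exactly one profile, taken from the offer, and an MKI that is either empty or the one offered.

```erlang
%% Added example: UseSRTPData encode/decode per RFC 5764, section 4.1.
%% Module and function names are hypothetical.
-module(use_srtp_ext).
-export([encode/2, decode/1, check_server_choice/2, selftest/0]).

%% Layout: 2-byte length of the profile list, 2-byte profile ids,
%% 1-byte MKI length, MKI bytes.
encode(Profiles, MKI)
  when Profiles =/= [], length(Profiles) =< 32767, byte_size(MKI) =< 255 ->
    List = << <<P:16>> || P <- Profiles >>,
    <<(byte_size(List)):16, List/binary, (byte_size(MKI)):8, MKI/binary>>.

%% Strict decode: the two length fields must account for every byte and
%% the profile list must be a non-empty run of 2-byte entries.
decode(<<PLen:16, List:PLen/binary, MLen:8, MKI:MLen/binary>>)
  when PLen >= 2, PLen rem 2 =:= 0 ->
    {ok, [P || <<P:16>> <= List], MKI};
decode(_) ->
    {error, malformed_use_srtp}.

%% Client-side validation of the server's use_srtp extension data
%% against what the client offered.
check_server_choice({Offered, OfferedMKI}, ServerData) ->
    case decode(ServerData) of
        {ok, [P], MKI} ->
            case {lists:member(P, Offered), MKI} of
                {false, _}         -> {error, profile_not_offered};
                {true, <<>>}       -> {ok, P, <<>>};
                {true, OfferedMKI} -> {ok, P, MKI};
                {true, _}          -> {error, mki_mismatch}
            end;
        {ok, _, _} -> {error, not_exactly_one_profile};
        Error      -> Error
    end.

selftest() ->
    %% 16#0001 is SRTP_AES128_CM_HMAC_SHA1_80; this reproduces the post's ExtData.
    <<0,2,0,1,0>> = encode([16#0001], <<>>),
    Offer = {[16#0001, 16#0002], <<>>},
    %% Constructed server responses.
    {ok, 16#0001, <<>>} = check_server_choice(Offer, <<0,2,0,1,0>>),
    {error, profile_not_offered} = check_server_choice(Offer, <<0,2,0,5,0>>),
    {error, not_exactly_one_profile} = check_server_choice(Offer, <<0,4,0,1,0,2,0>>),
    {error, malformed_use_srtp} = check_server_choice(Offer, <<0,2,0,1,0,99>>),
    {error, mki_mismatch} = check_server_choice(Offer, <<0,2,0,1,1,7>>),
    ok.
```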