<div dir="ltr"><div>Andreas, any chance of some simple code showing how to handle SRTP/STUN/DTLS with client and server?</div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr">On Mon, Oct 8, 2018 at 2:49 PM Andreas Schultz <<a href="mailto:andreas.schultz@travelping.com">andreas.schultz@travelping.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_quote"><div dir="ltr">Loïc Hoguin <<a href="mailto:essen@ninenines.eu" target="_blank">essen@ninenines.eu</a>> wrote on Mon., 8 Oct. 2018 at 13:39:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">This seems to be a similar issue to the one I have about tunneling TLS <br>
connections through TLS proxies (particularly the HTTP/2 case), although <br>
my proposed solution would probably not work in your case: <br>
<a href="https://bugs.erlang.org/browse/ERL-728" rel="noreferrer" target="_blank">https://bugs.erlang.org/browse/ERL-728</a></blockquote><div><br></div><div>You can already use the cb_info option with a custom transport module to build that. </div><div><br></div><div>In theory, the SRTP and STUN over DTLS use case should be doable with that as well.</div><div>Ingela recently fixed a few things in the DTLS module [1] to make this work.</div><div><br></div><div>I always meant to port my CAPWAP DTLS use case to this, but haven't gotten the</div><div>time to actually do it.</div><div><br></div><div>Andreas</div><div><br></div><div>[1]: <a href="https://github.com/erlang/otp/commit/72aaa1bb0cd2352fc8708a1a89b44e5791f49356" target="_blank">https://github.com/erlang/otp/commit/72aaa1bb0cd2352fc8708a1a89b44e5791f49356</a><br></div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
<br>
Perhaps we need some kind of socket-less ssl connection process that we <br>
feed directly and that sends us back whatever encrypted data needs to be <br>
sent.<br>
<br>
On 10/8/18 1:08 PM, Ben Browitt wrote:<br>
> What about being able to handle DTLS, SRTP and STUN packets on the same <br>
> UDP socket?<br>
> It will be best if I could create a UDP socket in my app, filter packets <br>
> and pass only DTLS packets to the ssl socket/process.<br>
> Without this, DTLS in the ssl app can't be used for WebRTC connections.<br>
> Is this also planned?<br>
> <br>
> On Mon, Oct 8, 2018 at 1:48 PM Andreas Schultz <br>
> <<a href="mailto:andreas.schultz@travelping.com" target="_blank">andreas.schultz@travelping.com</a> <mailto:<a href="mailto:andreas.schultz@travelping.com" target="_blank">andreas.schultz@travelping.com</a>>> <br>
> wrote:<br>
> <br>
> Hi Ingela,<br>
> <br>
> Ingela Andin <<a href="mailto:ingela.andin@gmail.com" target="_blank">ingela.andin@gmail.com</a><br>
> <mailto:<a href="mailto:ingela.andin@gmail.com" target="_blank">ingela.andin@gmail.com</a>>> wrote on Mon., 8 Oct. 2018 at<br>
> 12:27:<br>
> <br>
> Hi!<br>
> <br>
> Sorry for the late answer. Yes, there are plans to include it. The<br>
> extension is also part of TLS-1.3, which has priority over DTLS at<br>
> the moment. We have already done<br>
> <br>
> <br>
> Can't speak for others, but I would prefer if DTLS-1.3 were given<br>
> the same priority as TLS-1.3.<br>
> <br>
> Regards<br>
> Andreas<br>
> <br>
> some internal changes to extension handling to facilitate the<br>
> implementation of TLS-1.3 and its coexistence with previous<br>
> versions. This is primarily planned for OTP-22.<br>
> <br>
> Regards Ingela Erlang/OTP Team - Ericsson AB<br>
> <br>
> <br>
> On Mon 8 Oct. 2018 at 06:58 Ben Browitt wrote:<br>
> <<a href="mailto:ben.browitt@gmail.com" target="_blank">ben.browitt@gmail.com</a> <mailto:<a href="mailto:ben.browitt@gmail.com" target="_blank">ben.browitt@gmail.com</a>>>:<br>
> <br>
> USE_SRTP is defined in dtls_handshake.hrl [1] but it says<br>
> it's not supported.<br>
> Are there plans to support it?<br>
> <br>
> [1]<br>
> <a href="https://github.com/erlang/otp/blob/master/lib/ssl/src/dtls_handshake.hrl#L64" rel="noreferrer" target="_blank">https://github.com/erlang/otp/blob/master/lib/ssl/src/dtls_handshake.hrl#L64</a><br>
> <br>
> On Mon, Oct 1, 2018 at 11:27 AM Ben Browitt<br>
> <<a href="mailto:ben.browitt@gmail.com" target="_blank">ben.browitt@gmail.com</a> <mailto:<a href="mailto:ben.browitt@gmail.com" target="_blank">ben.browitt@gmail.com</a>>> wrote:<br>
> <br>
> DTLS is missing the use_srtp extension required for<br>
> DTLS-SRTP [1].<br>
> What's the best way to add it?<br>
> <br>
> We need to encode the extension in ssl_handshake.erl<br>
> encode_hello_extensions([use_srtp | Rest], Acc) -><br>
> ExtData = <<0,2,0,1,0>>,<br>
> Len = byte_size(ExtData),<br>
> encode_hello_extensions(Rest,<br>
> <<?UINT16(?USE_SRTP_EXT), ?UINT16(Len), ExtData/binary,<br>
> Acc/binary>>).<br>
> <a href="https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_handshake.erl#L657" rel="noreferrer" target="_blank">https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_handshake.erl#L657</a><br>
> <br>
> Define USE_SRTP_EXT in ssl_handshake.hrl<br>
> -define(USE_SRTP_EXT, 14).<br>
> <br>
> Add use_srtp to the hello_extensions record:<br>
> <a href="https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_handshake.hrl#L100" rel="noreferrer" target="_blank">https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_handshake.hrl#L100</a><br>
> <br>
> Add use_srtp to hello_extensions_list<br>
> <a href="https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_handshake.erl#L1826" rel="noreferrer" target="_blank">https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_handshake.erl#L1826</a><br>
> <br>
> Add use_srtp to client_hello_extensions<br>
> <a href="https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_handshake.erl#L968" rel="noreferrer" target="_blank">https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_handshake.erl#L968</a><br>
> <br>
> Add use_srtp to the #ssl_options record<br>
> <a href="https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_internal.hrl#L111" rel="noreferrer" target="_blank">https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_internal.hrl#L111</a><br>
> <br>
> [1] <a href="https://tools.ietf.org/html/rfc5764#section-4.1" rel="noreferrer" target="_blank">https://tools.ietf.org/html/rfc5764#section-4.1</a><br>
> <br>
> Thanks<br>
> <br>
> _______________________________________________<br>
> erlang-questions mailing list<br>
> <a href="mailto:erlang-questions@erlang.org" target="_blank">erlang-questions@erlang.org</a> <mailto:<a href="mailto:erlang-questions@erlang.org" target="_blank">erlang-questions@erlang.org</a>><br>
> <a href="http://erlang.org/mailman/listinfo/erlang-questions" rel="noreferrer" target="_blank">http://erlang.org/mailman/listinfo/erlang-questions</a><br>
> <br>
> -- <br>
> Dipl.-Inform. Andreas Schultz<br>
> <br>
> ----------------------- enabling your networks ----------------------<br>
> Travelping GmbH Phone: +49-391-81 90 99 0<br>
> Roentgenstr. 13 Fax: <a href="tel:+49%20391%20819099299" value="+49391819099299" target="_blank">+49-391-81 90 99 299</a><br>
> 39108 Magdeburg Email: <a href="mailto:info@travelping.com" target="_blank">info@travelping.com</a><br>
> <mailto:<a href="mailto:info@travelping.com" target="_blank">info@travelping.com</a>><br>
> GERMANY Web: <a href="http://www.travelping.com" rel="noreferrer" target="_blank">http://www.travelping.com</a><br>
> <br>
> Company Registration: Amtsgericht Stendal Reg No.: HRB 10578<br>
> Geschaeftsfuehrer: Holger Winkelmann VAT ID No.: DE236673780<br>
> ---------------------------------------------------------------------<br>
> <br>
> <br>
<br>
-- <br>
Loïc Hoguin<br>
<a href="https://ninenines.eu" rel="noreferrer" target="_blank">https://ninenines.eu</a><br>
</blockquote></div></div>
</blockquote></div>
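<div>The two technical points raised in the thread (the wire format of the use_srtp extension that Ben sketched as <code><<0,2,0,1,0>></code>, and telling DTLS apart from STUN and SRTP on one UDP socket) are small enough to show in a single module. The code below is an added example written for this page; it is not code from OTP's ssl application or from anyone in the thread. It follows RFC 5764 section 4.1 (UseSRTPData: a length-prefixed vector of 2-byte protection-profile ids followed by a length-prefixed MKI) and section 5.1.2 (first-byte demultiplexing). The module name, function names and the sample extension block and packets are all constructed for the example.</div>

```erlang
%% use_srtp_demo.erl
%% Added example (not OTP code): the use_srtp extension from RFC 5764 section
%% 4.1 on the wire, plus the first-byte demultiplexing from section 5.1.2.
-module(use_srtp_demo).
-export([encode_use_srtp/2, decode_use_srtp/1, find_extension/2,
         classify/1, demo/0]).

-define(USE_SRTP_EXT, 14).                     %% extension type, RFC 5764
-define(SRTP_AES128_CM_HMAC_SHA1_80, 16#0001). %% profile ids, RFC 5764 4.1.2
-define(SRTP_AES128_CM_HMAC_SHA1_32, 16#0002).

%% Build a complete extension: 2-byte type, 2-byte length, then UseSRTPData,
%% i.e. a length-prefixed vector of 2-byte profile ids and a length-prefixed
%% MKI (at most 255 bytes). The client lists the profiles it offers; the
%% server answers with exactly one.
encode_use_srtp(Profiles, MKI) when is_list(Profiles), byte_size(MKI) =< 255 ->
    ProfBin = << <<P:16>> || P <- Profiles >>,
    Data = <<(byte_size(ProfBin)):16, ProfBin/binary,
             (byte_size(MKI)):8, MKI/binary>>,
    <<?USE_SRTP_EXT:16, (byte_size(Data)):16, Data/binary>>.

%% Parse the extension body (the bytes after the 4-byte type/length header).
%% The profile vector must be non-empty and a whole number of 2-byte entries,
%% and nothing may follow the MKI; anything else is rejected rather than
%% silently truncated.
decode_use_srtp(<<ProfLen:16, ProfBin:ProfLen/binary,
                  MKILen:8, MKI:MKILen/binary>>)
  when ProfLen >= 2, ProfLen rem 2 =:= 0 ->
    {ok, [P || <<P:16>> <= ProfBin], MKI};
decode_use_srtp(_) ->
    {error, malformed_use_srtp}.

%% Walk a hello-message extensions block and return the body of the first
%% extension of the wanted type; a truncated block is an error, not a miss.
find_extension(Type, <<T:16, Len:16, Data:Len/binary, _/binary>>)
  when T =:= Type ->
    {ok, Data};
find_extension(Type, <<_:16, Len:16, _:Len/binary, Rest/binary>>) ->
    find_extension(Type, Rest);
find_extension(_, <<>>) ->
    undefined;
find_extension(_, _) ->
    {error, malformed_extensions}.

%% One UDP socket carries STUN, DTLS and SRTP (WebRTC): RFC 5764 5.1.2 tells
%% them apart by the first byte so only DTLS records go to the TLS stack.
classify(<<B, _/binary>>) when B =< 3 -> stun;
classify(<<B, _/binary>>) when B >= 20, B =< 63 -> dtls;
classify(<<B, _/binary>>) when B >= 128, B =< 191 -> srtp;
classify(_) -> unknown.

%% Round trip with constructed data; returns the offered profile list.
demo() ->
    Ext = encode_use_srtp([?SRTP_AES128_CM_HMAC_SHA1_80,
                           ?SRTP_AES128_CM_HMAC_SHA1_32], <<>>),
    %% Constructed extensions block: an unrelated empty extension of a
    %% private-use type (0xFF00) first, then use_srtp.
    Exts = <<16#FF00:16, 0:16, Ext/binary>>,
    {ok, Body} = find_extension(?USE_SRTP_EXT, Exts),
    {ok, Profiles, <<>>} = decode_use_srtp(Body),
    %% The body from the thread (one profile, empty MKI) decodes to [1].
    {ok, [1], <<>>} = decode_use_srtp(<<0,2,0,1,0>>),
    %% Odd profile-vector length and trailing garbage are both rejected.
    {error, malformed_use_srtp} = decode_use_srtp(<<0,1,0>>),
    {error, malformed_use_srtp} = decode_use_srtp(<<0,2,0,1,0,9>>),
    %% Constructed packets: STUN binding request, DTLS handshake record,
    %% RTP (version 2) and an out-of-range first byte.
    [stun, dtls, srtp, unknown] =
        [classify(P) || P <- [<<0,1,0,0>>, <<22,254,255>>, <<128,96>>, <<64>>]],
    Profiles.
```

<div>Compile with <code>erlc use_srtp_demo.erl</code> and run <code>use_srtp_demo:demo().</code> in a shell; every pattern match in <code>demo/0</code> doubles as an assertion, so a wrong encoding fails with a badmatch. The decoder deliberately refuses trailing bytes and odd vector lengths: a lenient parser that accepts <code><<0,3,0,1,0>></code> would let a peer smuggle bytes past the length checks. Note that this only gets the extension on the wire; per RFC 5764 section 4.2 the SRTP keys themselves are derived after the handshake through the TLS exporter with the label "EXTRACTOR-dtls_srtp", which the ssl application would also need to expose for a full DTLS-SRTP client or server.</div>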