[erlang-questions] use_srtp extension for DTLS

Loïc Hoguin essen@REDACTED
Mon Oct 8 13:38:50 CEST 2018


This seems to be a similar issue to the one I have about tunneling TLS 
connections through TLS proxies (particularly the HTTP/2 case), although 
my proposed solution would probably not work in your case: 
https://bugs.erlang.org/browse/ERL-728

Perhaps we need some kind of socket-less ssl connection process that we 
feed directly and that sends us back whatever encrypted data needs to be 
sent.

On 10/8/18 1:08 PM, Ben Browitt wrote:
> What about being able to handle DTLS, SRTP and STUN packets on the same 
> UDP socket?
> It will be best if I could create a UDP socket in my app, filter packets 
> and pass only DTLS packets to the ssl socket/process.
> Without this, DTLS in the ssl app can't be used for WebRTC connections.
> Is this also planned?
> 
> On Mon, Oct 8, 2018 at 1:48 PM Andreas Schultz 
> <andreas.schultz@REDACTED <mailto:andreas.schultz@REDACTED>> 
> wrote:
> 
>     Hi Ingela,
> 
>     On Mon, Oct 8, 2018 at 12:27, Ingela Andin <ingela.andin@REDACTED
>     <mailto:ingela.andin@REDACTED>> wrote:
> 
>         Hi!
> 
>         Sorry for the late answer. Yes, there are plans to include it. The
>         extension is also part of TLS-1.3 that has priority over DTLS at
>         the moment. We have already done
> 
> 
>     Can't speak for others, but I would prefer if DTLS-1.3 were given
>     the same priority as TLS-1.3.
> 
>     Regards
>     Andreas
> 
>         some internal changes to extension handling to facilitate the
>         implementation of TLS-1.3 and its co-existing with previous
>         versions.  This is in first hand planned for OTP-22.
> 
>         Regards Ingela Erlang/OTP Team - Ericsson AB
> 
> 
>         On Mon, Oct 8, 2018 at 06:58, Ben Browitt
>         <ben.browitt@REDACTED <mailto:ben.browitt@REDACTED>> wrote:
> 
>             USE_SRTP is defined in dtls_handshake.hrl [1] but it says
>             it's not supported.
>             Are there plans to support it?
> 
>             [1]
>             https://github.com/erlang/otp/blob/master/lib/ssl/src/dtls_handshake.hrl#L64
> 
>             On Mon, Oct 1, 2018 at 11:27 AM Ben Browitt
>             <ben.browitt@REDACTED <mailto:ben.browitt@REDACTED>> wrote:
> 
>                 DTLS is missing the use_srtp extension required for
>                 DTLS-SRTP [1].
>                 What's the best way to add it?
> 
>                 We need to encode the extension in ssl_handshake.erl:
> 
>                     encode_hello_extensions([use_srtp | Rest], Acc) ->
>                         ExtData = <<0,2,0,1,0>>,
>                         Len = byte_size(ExtData),
>                         encode_hello_extensions(Rest,
>                             <<?UINT16(?USE_SRTP_EXT), ?UINT16(Len),
>                               ExtData/binary, Acc/binary>>).
> 
>                 https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_handshake.erl#L657
> 
>                 Define USE_SRTP_EXT in ssl_handshake.hrl
>                 -define(USE_SRTP_EXT, 14).
> 
>                 Add use_srtp to the hello_extensions record:
>                 https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_handshake.hrl#L100
> 
>                 Add use_srtp to hello_extensions_list
>                 https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_handshake.erl#L1826
> 
>                 Add use_srtp to client_hello_extensions
>                 https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_handshake.erl#L968
> 
>                 Add use_srtp to the #ssl_options record
>                 https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_internal.hrl#L111
> 
>                 [1] https://tools.ietf.org/html/rfc5764#section-4.1
> 
>                 Thanks
> 
>             _______________________________________________
>             erlang-questions mailing list
>             erlang-questions@REDACTED <mailto:erlang-questions@REDACTED>
>             http://erlang.org/mailman/listinfo/erlang-questions
> 
> 
>     -- 
>     -- 
>     Dipl.-Inform. Andreas Schultz
> 
>     ----------------------- enabling your networks ----------------------
>     Travelping GmbH                     Phone:  +49-391-81 90 99 0
>     Roentgenstr. 13                     Fax:    +49-391-81 90 99 299
>     39108 Magdeburg                     Email: info@REDACTED
>     <mailto:info@REDACTED>
>     GERMANY                             Web: http://www.travelping.com
> 
>     Company Registration: Amtsgericht Stendal        Reg No.:   HRB 10578
>     Geschaeftsfuehrer: Holger Winkelmann          VAT ID No.: DE236673780
>     ---------------------------------------------------------------------
> 
> 
> 

-- 
Loïc Hoguin
https://ninenines.eu
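
The two technical points in this thread, worked through as an added example that is not part of any message above and is not OTP code: the use_srtp wire format from RFC 5764 section 4.1.1 with a strict decoder, and the first-byte demultiplexing rule from RFC 5764 section 5.1.2 that an application would need in order to hand only DTLS datagrams to the ssl process. The module and function names are hypothetical, and the packets in demo/0 are constructed.

```erlang
%% Added example, not OTP code: module and function names are hypothetical.
-module(dtls_srtp_example).
-export([classify/1, encode_use_srtp/2, decode_use_srtp/1, demo/0]).

-define(USE_SRTP_EXT, 14).  % extension type, as in the quoted proposal

%% RFC 5764 section 5.1.2: demultiplex on the first byte of the datagram.
classify(<<B, _/binary>>) when B =< 1 -> stun;
classify(<<B, _/binary>>) when B >= 20, B =< 63 -> dtls;
classify(<<B, _/binary>>) when B >= 128, B =< 191 -> srtp;
classify(_) -> drop.

%% RFC 5764 section 4.1.1 wire format:
%%   uint16 list length, uint16 profile ids, uint8 MKI length, MKI.
encode_use_srtp(Profiles, MKI) when byte_size(MKI) =< 255 ->
    List = << <<P:16>> || P <- Profiles >>,
    Data = <<(byte_size(List)):16, List/binary, (byte_size(MKI)):8, MKI/binary>>,
    <<?USE_SRTP_EXT:16, (byte_size(Data)):16, Data/binary>>.

%% Strict decoder: every length must be consistent, with no trailing bytes.
decode_use_srtp(<<?USE_SRTP_EXT:16, Len:16, Data:Len/binary>>) ->
    case Data of
        <<PLen:16, List:PLen/binary, MLen:8, MKI:MLen/binary>>
          when PLen >= 2, PLen rem 2 =:= 0 ->
            {ok, [P || <<P:16>> <= List], MKI};
        _ ->
            {error, malformed_use_srtp}
    end;
decode_use_srtp(_) ->
    {error, not_use_srtp}.

demo() ->
    %% Profile 1 (SRTP_AES128_CM_HMAC_SHA1_80), empty MKI: same bytes as
    %% ExtData = <<0,2,0,1,0>> in the quoted proposal.
    Ext = encode_use_srtp([1], <<>>),
    <<0,14, 0,5, 0,2,0,1,0>> = Ext,
    {ok, [1], <<>>} = decode_use_srtp(Ext),
    %% Constructed bad input: the list length claims 4 bytes, only 3 follow.
    {error, malformed_use_srtp} = decode_use_srtp(<<0,14, 0,5, 0,4,0,1,0>>),
    %% Constructed first bytes: STUN binding request, DTLS handshake, RTP v2.
    [stun, dtls, srtp, drop] =
        [classify(P) || P <- [<<0,1,0,0>>, <<22,254,253>>, <<128,96>>, <<70>>]],
    ok.
```

Calling dtls_srtp_example:demo() returns ok when every match holds. Datagrams classified as drop fall outside the three ranges that section 5.1.2 defines and should not be forwarded to any of the three handlers.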


