[erlang-questions] use_srtp extension for DTLS
Ben Browitt
ben.browitt@REDACTED
Mon Oct 8 13:53:43 CEST 2018
Andreas, any chance of some simple code showing how to handle SRTP/STUN/DTLS
with a client and server?
On Mon, Oct 8, 2018 at 2:49 PM Andreas Schultz <andreas.schultz@REDACTED> wrote:
> Loïc Hoguin <essen@REDACTED> wrote on Mon, 8 Oct 2018 at 13:39:
>
>> This seems to be a similar issue to the one I have about tunneling TLS
>> connections through TLS proxies (particularly the HTTP/2 case), although
>> my proposed solution would probably not work in your case:
>> https://bugs.erlang.org/browse/ERL-728
>
>
> You can already use the cb_info option with a custom transport module to
> build that.
>
> In theory, the SRTP and STUN over DTLS use case should be doable with that
> as well.
> Ingela recently fixed a few things in the DTLS module [1] to make
> this work.
>
> I always meant to port my CAPWAP DTLS use case to this, but haven't gotten
> the time to actually do it.
>
> Andreas
>
> [1]:
> https://github.com/erlang/otp/commit/72aaa1bb0cd2352fc8708a1a89b44e5791f49356
>
>
>>
>> Perhaps we need some kind of socket-less ssl connection process that we
>> feed directly and that sends us back whatever encrypted data needs to be
>> sent.
>>
>> On 10/8/18 1:08 PM, Ben Browitt wrote:
>> > What about being able to handle DTLS, SRTP and STUN packets on the same
>> > UDP socket?
>> > It will be best if I could create a UDP socket in my app, filter packets
>> > and pass only DTLS packets to the ssl socket/process.
>> > Without this, DTLS in the ssl app can't be used for WebRTC connections.
>> > Is this also planned?
>> >
>> > On Mon, Oct 8, 2018 at 1:48 PM Andreas Schultz <andreas.schultz@REDACTED> wrote:
>> >
>> > Hi Ingela,
>> >
>> > Ingela Andin <ingela.andin@REDACTED> wrote on Mon, 8 Oct 2018 at 12:27:
>> >
>> > Hi!
>> >
>> > Sorry for the late answer. Yes, there are plans to include it. This
>> > extension is also part of TLS-1.3 that has priority over DTLS at
>> > the moment. We have already done
>> >
>> >
>> > Can't speak for others, but I would prefer if DTLS-1.3 were given
>> > the same priority as TLS-1.3.
>> >
>> > Regards
>> > Andreas
>> >
>> > some internal changes to extension handling to facilitate the
>> > implementation of TLS-1.3 and its co-existing with previous
>> > versions. This is in first hand planned for OTP-22.
>> >
>> > Regards Ingela Erlang/OTP Team - Ericsson AB
>> >
>> >
>> > On Mon, 8 Oct 2018 at 06:58, Ben Browitt <ben.browitt@REDACTED> wrote:
>> >
>> > USE_SRTP is defined in dtls_handshake.hrl [1] but it says
>> > it's not supported.
>> > Are there plans to support it?
>> >
>> > [1] https://github.com/erlang/otp/blob/master/lib/ssl/src/dtls_handshake.hrl#L64
>> >
>> > On Mon, Oct 1, 2018 at 11:27 AM Ben Browitt <ben.browitt@REDACTED> wrote:
>> >
>> > DTLS is missing the use_srtp extension required for
>> > DTLS-SRTP [1].
>> > What's the best way to add it?
>> >
>> > We need to encode the extension in ssl_handshake.erl
>> >
>> >     encode_hello_extensions([use_srtp | Rest], Acc) ->
>> >         ExtData = <<0,2,0,1,0>>,
>> >         Len = byte_size(ExtData),
>> >         encode_hello_extensions(Rest,
>> >             <<?UINT16(?USE_SRTP_EXT), ?UINT16(Len), ExtData/binary,
>> >               Acc/binary>>).
>> >
>> > https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_handshake.erl#L657
>> >
>> > Define USE_SRTP_EXT in ssl_handshake.hrl
>> >
>> >     -define(USE_SRTP_EXT, 14).
>> >
>> > Add use_srtp to the hello_extensions record:
>> > https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_handshake.hrl#L100
>> >
>> > Add use_srtp to hello_extensions_list
>> > https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_handshake.erl#L1826
>> >
>> > Add use_srtp to client_hello_extensions
>> > https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_handshake.erl#L968
>> >
>> > Add use_srtp to the #ssl_options record
>> > https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_internal.hrl#L111
>> >
>> > [1] https://tools.ietf.org/html/rfc5764#section-4.1
>> >
>> > Thanks
>> >
>> > _______________________________________________
>> > erlang-questions mailing list
>> > erlang-questions@REDACTED
>> > http://erlang.org/mailman/listinfo/erlang-questions
>> >
>> > --
>> > Dipl.-Inform. Andreas Schultz
>> >
>> > ----------------------- enabling your networks ----------------------
>> > Travelping GmbH Phone: +49-391-81 90 99 0
>> > Roentgenstr. 13 Fax: +49-391-81 90 99 299
>> > 39108 Magdeburg Email: info@REDACTED
>> > GERMANY Web: http://www.travelping.com
>> >
>> > Company Registration: Amtsgericht Stendal Reg No.: HRB 10578
>> > Managing Director: Holger Winkelmann VAT ID No.: DE236673780
>> > ---------------------------------------------------------------------
>> >
>> >
>>
>> --
>> Loïc Hoguin
>> https://ninenines.eu
>>
>
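Added example, not part of the thread and not OTP code: a sketch of the two pieces discussed above, namely first-byte demultiplexing of STUN, DTLS and SRTP on one UDP socket (RFC 5764 section 5.1.2) and a strict codec for the use_srtp extension body (RFC 5764 section 4.1.1). The module name, function names and sample datagrams are assumptions made for illustration.

```erlang
%% Added example; module and function names are hypothetical, not OTP API.
-module(dtls_srtp_demo).
-export([classify/1, encode_use_srtp/2, decode_use_srtp/1, demo/0]).

-define(USE_SRTP_EXT, 14).   % extension type, as defined in the thread

%% RFC 5764 section 5.1.2: demultiplex on the first byte of the datagram.
%% Anything outside the known ranges is dropped, so stray traffic never
%% reaches the DTLS state machine.
classify(<<B, _/binary>>) when B =< 1             -> stun;
classify(<<B, _/binary>>) when B >= 20, B =< 63   -> dtls;
classify(<<B, _/binary>>) when B >= 128, B =< 191 -> srtp;  % RTP or RTCP
classify(_)                                       -> drop.

%% RFC 5764 section 4.1.1 protection profile identifiers.
profile(<<0,1>>) -> srtp_aes128_cm_hmac_sha1_80;
profile(<<0,2>>) -> srtp_aes128_cm_hmac_sha1_32;
profile(<<0,5>>) -> srtp_null_hmac_sha1_80;
profile(<<0,6>>) -> srtp_null_hmac_sha1_32;
profile(Other)   -> {unknown, Other}.

%% Build the whole extension: type, length, then UseSRTPData
%% (16-bit profile list length, 2-byte profiles, 8-bit MKI length, MKI).
encode_use_srtp(Profiles, MKI) when Profiles =/= [], byte_size(MKI) =< 255 ->
    PBin = << <<P:16>> || P <- Profiles >>,
    Data = <<(byte_size(PBin)):16, PBin/binary, (byte_size(MKI)):8, MKI/binary>>,
    <<?USE_SRTP_EXT:16, (byte_size(Data)):16, Data/binary>>.

%% Parse UseSRTPData strictly: the profile list must be non-empty and of
%% even length, and the MKI must consume the rest exactly. Truncated input
%% or trailing bytes fail the match and are rejected.
decode_use_srtp(<<PLen:16, PBin:PLen/binary, MLen:8, MKI:MLen/binary>>)
  when PLen >= 2, PLen rem 2 =:= 0 ->
    {ok, [profile(P) || <<P:2/binary>> <= PBin], MKI};
decode_use_srtp(_) ->
    {error, malformed_use_srtp}.

demo() ->
    %% Constructed datagram prefixes: STUN binding request, DTLS handshake
    %% record (content type 22), RTP version 2, and an unassigned first byte.
    Kinds = [classify(D) || D <- [<<0,1,0,0>>, <<22,254,253>>, <<128,96>>, <<70>>]],
    %% One profile (0x0001) and an empty MKI give the ExtData from the thread.
    <<?USE_SRTP_EXT:16, 5:16, Data/binary>> = encode_use_srtp([1], <<>>),
    {Kinds, Data, decode_use_srtp(Data), decode_use_srtp(<<0,2,0,1,0,255>>)}.
```

Calling dtls_srtp_demo:demo() in an Erlang shell returns the classification of each sample datagram, the encoded extension body, its decoded form, and the rejection of a body with a trailing byte.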