[erlang-questions] State of use_srtp ext in DTLS and TLS 1.3 support.

Albin Stigö albin.stigo@REDACTED
Thu Mar 14 15:38:03 CET 2019


Hi Ingela,

Thanks for the quick reply!

While cb_info certainly is one way of doing it, it feels a bit
complicated... specifically if switching between active and passive
mode. Not sure if ssl ever uses passive mode internally? Demuxing is a
different use case, I think.

Something that IMHO would be fantastic and simple (?) would be a
dtls_filter_fun option. If true, the packet is passed up the ssl stack,
otherwise it is passed on like a normal UDP packet!

There's an RFC regarding the demultiplexing of SRTP/DTLS. It basically
boils down to looking at the first byte of the packet: if it's in
[20..63] it should be treated as DTLS, otherwise as something else. So
this would be absolutely trivial to implement if there was a
dtls_filter_fun...

https://tools.ietf.org/html/rfc7983

Then of course there also has to be a way to bypass DTLS when sending
data... maybe send/3 (Socket, Data, Options)...

What do you think?


--Albin

On Thu, Mar 14, 2019 at 1:52 PM Ingela Andin <ingela.andin@REDACTED> wrote:
>
> Hi!
>
> Den tors 14 mars 2019 kl 12:29 skrev Albin Stigö <albin.stigo@REDACTED>:
>>
>> Hi,
>>
>> I'm working on an Erlang WebRTC peer client (to send audio/video to
>> the browser).
>>
>> WebRTC requires dtls-srtp and that in turn requires:
>>
>> 1. The use_srtp extension for key exchange.
>
>
> We will be implementing this as part of TLS-1.3 that we are currently working on, and we will have something runnable for OTP-22.0, although we are not promising that it will be complete or that use_srtp will be part of OTP-22.0
>
>
>>
>> 2. Multiplexing of stun/turn/srtp packets on the socket.
>>
>> I know there's been work towards use_srtp and it's even in the source,
>> but commented out. Ingela has been working on it for OTP 2, I believe,
>> is there an ETA on this feature?
>
>
>>
>>
>>
>> Is multiplexing on the DTLS socket already possible using the cb_info?
>> Has anyone tried that?
>>
>> http://erlang.org/pipermail/erlang-questions/2018-October/096457.html
>>
>
> The code has been written to make such extensions possible. There might be a need for more callbacks. I have not really had time to work on that as
> TLS-1.3, optimizations and Erlang distribution over TLS have been prioritized higher. Suggestions are welcome.
>
> Regards Ingela Erlang/OTP team - Ericsson AB
>
>
>
>
>>
>>
>> --Albin
>> _______________________________________________
>> erlang-questions mailing list
>> erlang-questions@REDACTED
>> http://erlang.org/mailman/listinfo/erlang-questions
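The first-byte demultiplexing from RFC 7983 that the thread discusses, written out as an added Erlang example (this is not code from the post or from OTP's ssl application). The dtls_filter/1 predicate has the shape the proposed dtls_filter_fun option would take; that option is hypothetical and does not exist in OTP, and the sample datagrams in demo/0 are constructed headers only.

```erlang
%% Added example: demultiplex a datagram by its first byte (RFC 7983, Section 7).
%% The ranges come from the RFC's table: STUN, ZRTP, DTLS, TURN ChannelData, RTP/RTCP.
-module(rfc7983_demux).
-export([classify/1, dtls_filter/1, demo/0]).

-spec classify(binary()) -> stun | zrtp | dtls | turn_channel | rtp | unknown.
classify(<<B, _/binary>>) when B =< 3             -> stun;
classify(<<B, _/binary>>) when B >= 16, B =< 19   -> zrtp;
classify(<<B, _/binary>>) when B >= 20, B =< 63   -> dtls;
classify(<<B, _/binary>>) when B >= 64, B =< 79   -> turn_channel;
classify(<<B, _/binary>>) when B >= 128, B =< 191 -> rtp;   %% RTP or RTCP (version 2)
classify(_)                                       -> unknown. %% includes empty datagrams

%% Predicate of the shape a dtls_filter_fun option would take (hypothetical,
%% not an OTP option): true means "hand this datagram to the DTLS stack",
%% false means "deliver it to the application as a plain UDP packet".
-spec dtls_filter(binary()) -> boolean().
dtls_filter(Packet) -> classify(Packet) =:= dtls.

%% Constructed sample datagrams (protocol headers with zeroed fields), used
%% only to exercise the classifier offline.
demo() ->
    %% STUN Binding Request: type 0x0001, length 0, magic cookie, 96-bit txn id
    Stun = <<16#00, 16#01, 0:16, 16#2112A442:32, 0:96>>,
    %% DTLS 1.2 record header: handshake (0x16), version 0xFEFD, epoch, seq, length
    Dtls = <<16#16, 16#FE, 16#FD, 0:16, 0:48, 0:16>>,
    %% RTP: V=2 (0x80), payload type 96, seq, timestamp, SSRC
    Rtp  = <<16#80, 16#60, 0:16, 0:32, 0:32>>,
    %% TURN ChannelData: channel number 0x4001, length 0
    Turn = <<16#40, 16#01, 0:16>>,
    [{classify(P), dtls_filter(P)} || P <- [Stun, Dtls, Rtp, Turn]].
```

Only the datagrams for which dtls_filter/1 returns true would be passed up to DTLS; everything else (STUN, TURN, RTP/RTCP) stays on the plain UDP path, which is exactly the split the thread is asking for.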
