Opened 4 years ago

Closed 4 years ago

#2257 closed enhancement (fixed)

Filter SRTP crypto for setting DTLS-SRTP profile supported by by OpenSSL

Reported by: riza Owned by: riza
Priority: normal Milestone: release-2.10
Component: pjmedia Version: trunk
Keywords: Cc:
Backport to 1.x milestone: Backported: no

Description

Currently, SRTP crypto is used to get the SRTP profile for DTLS even though it is not supported by OpenSSL.
These are the supported SRTP profile (based on ssl/d1_srtp.c of OpenSSL): SRTP_AES128_CM_SHA1_80, SRTP_AES128_CM_SHA1_32, SRTP_AEAD_AES_256_GCM,SRTP_AEAD_AES_128_GCM.
However when using older OpenSSL (e.g: 1.0.2), AES_GCM is not yet supported and it will lead to error.

15:40:06.561     dtls0x7f34f40123b0  .Setting crypto [:SRTP_AEAD_AES_256_GCM:SRTP_AEAD_AES_128_GCM:SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32], errcode=1
15:40:06.561                OpenSSL  .error 336810348 - srtp unknown protection profile

This ticket will filter the SRTP crypto when used to set the SRTP profile.
e.g: AES_GCM will be filtered out from SRTP crypto if the OpenSSL doesn't support it, thus preventing the error.

Change History (1)

comment:1 Changed 4 years ago by riza

  • Owner set to riza
  • Resolution set to fixed
  • Status changed from new to closed

In 6118:

Close #2257: Filter SRTP crypto setting for DTLS-SRTP profile.

Note: See TracTickets for help on using tickets.