Opened 5 years ago
Closed 5 years ago
#2257 closed enhancement (fixed)
Filter SRTP crypto for setting DTLS-SRTP profile supported by by OpenSSL
Reported by: | riza | Owned by: | riza |
---|---|---|---|
Priority: | normal | Milestone: | release-2.10 |
Component: | pjmedia | Version: | trunk |
Keywords: | Cc: | ||
Backport to 1.x milestone: | Backported: | no |
Description
Currently, SRTP crypto is used to get the SRTP profile for DTLS even though it is not supported by OpenSSL.
These are the supported SRTP profile (based on ssl/d1_srtp.c of OpenSSL): SRTP_AES128_CM_SHA1_80, SRTP_AES128_CM_SHA1_32, SRTP_AEAD_AES_256_GCM,SRTP_AEAD_AES_128_GCM.
However when using older OpenSSL (e.g: 1.0.2), AES_GCM is not yet supported and it will lead to error.
15:40:06.561 dtls0x7f34f40123b0 .Setting crypto [:SRTP_AEAD_AES_256_GCM:SRTP_AEAD_AES_128_GCM:SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32], errcode=1 15:40:06.561 OpenSSL .error 336810348 - srtp unknown protection profile
This ticket will filter the SRTP crypto when used to set the SRTP profile.
e.g: AES_GCM will be filtered out from SRTP crypto if the OpenSSL doesn't support it, thus preventing the error.
Change History (1)
comment:1 Changed 5 years ago by riza
- Owner set to riza
- Resolution set to fixed
- Status changed from new to closed
In 6118: