187 questions
0
votes
0
answers
48
views
Facing issues in decrypting SRTP packets using SRTP_AES128_CM_HMAC_SHA1_80 profile
I am trying to implement DTLS-SRTP in Node.js. The client is a Chrome WebRTC agent and my Node.js implementation acts as the DTLS server.
The client sends a RTP stream consisting of VP8 packets to my ...
1
vote
4
answers
95
views
Decrypting GenericAEADCipher is failing. What am I doing wrong?
I am trying to implement a DTLS server in nodejs. When I try to decrypt the EncryptedHandshakeMessage from the client, I am getting the following error.
Error: Unsupported state or unable to ...
0
votes
1
answer
86
views
Generate ECDSA BouncyCastle certificate without EC named parameters
I'm attempting to generate an X509 ECDSA certificate using BouncyCastle to use for a WebRTC DTLS handshake.
The method below generates a valid certificate that is understood by openssl but it's ...
0
votes
0
answers
13
views
Is it possible to set a particular cipher suite on the webrtcbin for debugging
I want to set a particular cipher suite on the webrtcbin for debugging cipher algorithms and implementation, is it possible to force the GStreamer client to select a particular cipher for WebRTC ...
2
votes
2
answers
301
views
Cannot figure out why DTLS handshake does not complete
I am writing a small WebRTC client as a hobby project, right now I am stuck in the DTLS implementation and cannot figure out what is going wrong with the DTLS handshake.
I am trying to make a p2p WebRTC ...
0
votes
1
answer
75
views
When does DTLS negotiation start in WebRTC?
I am implementing the WebRTC stack from scratch as a hobby project. I cannot understand when the DTLS negotiation is supposed to start? BEFORE or AFTER the candidate nomination is completed with a ...
0
votes
0
answers
75
views
how to create dtls server using pyopenssl
I'm very new to this,
I need to do the following command as a python code using the library pyopenssl.
openssl s_server -dtls -cert certfile -key keyfile -cert_chain chainfile -accept ipaddress:port
...
0
votes
0
answers
75
views
python-mbedtls TLS Server and Client using certificates
I am trying to set up a simple client and server using python-mbedtls, where only the server shall be certificated via one intermediate certificate. I was able to make it work without an intermediate ...
0
votes
0
answers
27
views
Define DH parameters in python-mbedtls
I'm using python-mbedtls library - https://github.com/Synss/python-mbedtls/tree/master
my goal is to create handshake with different cipher suites,
I've managed to do so with the given server and ...
0
votes
0
answers
47
views
Handshaking not happening between client and server
I am trying a DTLS communication between server and client using python3-dtls. Below are the server code and client code. Once the server is set to listen(), it starts the handshaking procedure but it ...
0
votes
0
answers
36
views
DTLS element in gstreamer pipeline
I have these two pipelines for server and client
gst-launch-1.0 videotestsrc ! videoconvert ! x264enc ! queue ! udpsink host=127.0.0.1 port=1234
gst-launch-1.0 udpsrc port=1234 ! queue ! h264parse ! ...
0
votes
0
answers
138
views
DTLS in Python via python-mbedtls
I have to implement the DTLS protocol on top of existing infra with UDP working, so I did a little research and approached the python-mbedtls wrapper. Since I am not proficient with DTLS and I know ...
0
votes
0
answers
110
views
Delay in DTLS handshake between Bouncy Castle client and Chrome
I am trying to create a DTLS connection between a custom Bouncy Castle based client and Chrome for streaming WebRTC.
The connection succeeds but it takes > 2 seconds to complete.
I looked at a ...
1
vote
1
answer
139
views
javax.ssl: DTLS client received server hello done, but when server finished message comes, says it was not received
I've been working on a DTLS client/server implementation loosely based off of OpenJDK's DTLSOverDatagram, and successfully got my unit test where the handshake occurs to run successfully on my windows ...
0
votes
1
answer
191
views
Why is Bouncy Castle DTLS ReceiveRecord larger than the original buffer
I am currently trying to set up a .NET CoAP DTLS Server. My problem is that Bouncy Castle's DTLS management kept crashing just giving me an "internal error (80)". So I downloaded the library ...
1
vote
0
answers
206
views
How to deploy a CoAP server written using libcoap in c/c++ on k8's behind a load balancer
I started to code a CoAP server in c/c++ using libcoap. I was really interested in CoAP features such as Multicasting, Observability and DTLS CID. I was hoping that I could deploy my server on a cloud ...
0
votes
1
answer
176
views
Openssl s_server DTLSv1.2 is not working with certificate RSA-PSS
I have some issue using DTLS with RSA-PSS certificate.
My end entity certificate with rsa-pss key and signed with rsa-pss signature algorithm:
My end entity is enrolled under my root certificate ...
0
votes
0
answers
237
views
How to connect Python COAP + DTLS client to a Eclipse Californium's CoAP Secure Server?
I'm trying to connect a CoAP + DTLS client using Python's CoAPthon library to the CoAP Secure Server from one of the Eclipse Californium examples. Here's the server code:
/**************************...
0
votes
1
answer
512
views
Webrtc with DTLS 1.3
I'm trying to implement a desktop secure video calling service using WebRTC. As far as I know, it uses DTLS technology, including for establishing an SRTP connection. But the DTLS version 1.2 is used.
...
0
votes
1
answer
247
views
DTLS server side false start before certificate verify and client certificate
In DTLSv1.2 with OpenSSL 1.1.1k I have observed a case of server sending application data after sending a certificate verify request along with server key exchange, server hello done and new session ...
1
vote
1
answer
98
views
How to implement the method getRSASignerCredentials() for DefaultTlsServer with BouncyCastle
My current Java code with library bctls-jdk18on-1.72.jar for an implementation of TlsServer looks like:
class DefaultTlsServerImpl extends DefaultTlsServer {
...
@Override
protected ...
1
vote
0
answers
291
views
Python DTLS - Server Will Not Accept Connections
I have been learning, through a veil of many tears, the concepts of network programming. I started with a simple UDP client/server pair, moved to TCP, and then secured the TCP stream successfully ...
1
vote
0
answers
358
views
How to finish writing a DTLS Client/Server program pair
Keep in mind that I am very new to network programming, and am pretty much learning as I go. It has been as painful as it sounds.
I have successfully created a UDP client/server "program pair" ...
0
votes
0
answers
172
views
How can I find the number of TLS and DTLS raw data in pcap?
I want to parse a pcap file and find the number of encrypted data, both TLS and DTLS separately. Scapy doesn't support the DTLS layer, but I understand there is a support package (https://github.com/...
3
votes
1
answer
7k
views
DTLS handshake failed in ocserv and openconnect
I configured the ocserv on my Ubuntu server with this specification in /etc/ocserv/ocserv.conf file:
auth = "plain[passwd=/etc/ocserv/ocpasswd]"
tcp-port = 443
udp-port = 443
run-as-user = ...
0
votes
1
answer
2k
views
Decrypting UDP Packets from Game with Known Key
I'm trying to decrypt UDP packets for a multiplayer video game. When loading into a game session, a DTLS handshake occurs where, in Wireshark, I usually see the Client and Server agree on ChaCha20 ...
0
votes
1
answer
574
views
Why does message MAC verification fail with an OpenSSL client but succeed with a python-mbedtls client
Currently I'm trying to develop a simple UDP DTLS server using pre shared keys on Ubuntu 20.04, to receive UDP datagrams from an embedded application.
My remote example echo server based on python-...
0
votes
0
answers
405
views
OpenSSL DTLS Server - how to split each handshake message into separate packet
I am writing one DTLS server using OpenSSL. I noticed that my server is combining multiple handshake messages into a single packet. Though it will help with better performance. I want to understand if ...
0
votes
1
answer
565
views
OpenSSL DTLS client handshake
I am battling a little problem with OpenSSL mutually authenticated DTLS client handshake which I should be able to solve for both OpenSSL 1.0 and 1.1.
In a nutshell the issue is that if node and peer ...
1
vote
1
answer
749
views
Can we send un-encrypted media RTP by disabling fingerprint in the WebRTC offer / answer?
Attempting to implement an SFU, where all the WebRTC peers upload their unencrypted media streams to our customized server; so that they can be distributed to other peers in a loop without any ...
0
votes
1
answer
204
views
How to generate keyStore.jks and trustStore.jks from cer file for coap dtls client
I have a cer file and want to generate trustStore.jks and keyStore.jks files which are going to be used in the CoAP client to send the DTLS request.
I am using californium coap cf-secure module to call coaps://:/...
1
vote
0
answers
265
views
Using DTLS with socketserver (ThreadedUDPServer)
I am very new to network programming so please bear with me if I make newbie mistakes.
I have written a networking engine using ThreadedUDPServer from Python's socketserver library, which add layers ...
0
votes
0
answers
18
views
Can someone share me sample code for securing UDP connection by using DTLS protocol? [duplicate]
I have code where a normal server and client are communicating but I need a DTLS implementation to secure it, please help me out
0
votes
0
answers
245
views
DTLS using SChannel: shutdown routine's InitializeSecurityContext returns SEC_E_INVALID_TOKEN
The client is using SChannel to handle the DTLS connection, where the server uses OpenSSL.
Everything works fine until the client tries to close the connection (I used this guide).
Here is the client ...
2
votes
1
answer
307
views
mbedtls DTLS server running on 64-bit desktop but not on embedded system
I am trying to replace the UDP communication with a DTLS server on my application.
I have a DTLS server running on my computer (linux mint) using mbedtls. The application is reading/writing without ...
0
votes
1
answer
287
views
DTLS-CoAP server from Contiki-NG fails during DTLS handshake
I have flashed a cc2650 Sensortag with cc26xx-web-demo example in Contiki-NG with option MAKE_WITH_DTLS=1 now I want to access it through a coaps:// request. When I try to access it as coaps:// from ...
0
votes
0
answers
328
views
DTLS. 141A318A:SSL routines:tls_process_ske_dhe:dh key too small
I have two Qt-based applications (client and server) which use DTLS and TLS connections. That works fine on Ubuntu and Windows 10. Now I have tried to build the server's part for a Raspberry Pi 4 (...
1
vote
1
answer
340
views
WinPcap equivalent to Wireshark 'dtls' filter
I used to filter packets in Wireshark with the simple dtls argument as filter. (Data Transport Layer Security which is some UDP TLS protocol)
Now, I wanted to do the same using C# and PcapDOTNet ...
0
votes
1
answer
242
views
Where does the dtls domain args in webrtc come from?
For webrtc peers, what domain is dtls used for negotiation? I am puzzled. There seems to be no relevant attribute definition in the sdp. Is it the domain where the web page is located?
0
votes
1
answer
356
views
C/C++: Client never recovers a DTLS connection when server restarts
I managed to create a secure connection with DTLS (using a PSK or a Certificate), my client is continuously sending requests every 3 seconds.
The code until now works fine, but, the moment I restart ...
1
vote
2
answers
254
views
How to handle SEC_I_MESSAGE_FRAGMENT when performing a DTLS handshake via the SChannel SSPI?
When performing a DTLS handshake using the SChannel SSPI in Windows 10 - for which there is no documentation - how should the application handle a SEC_I_MESSAGE_FRAGMENT result from ...
0
votes
1
answer
268
views
Query related to Connection Id exchange between DTLS Client & Server using Californium Scandium core
I am exploring on DTLS 1.2 using Californium-Scandium demo-apps projects.
It appears that Scandium-core README.md supports the latest draft of Connection Identifiers for DTLS 1.2.
According to ...
1
vote
1
answer
515
views
DTLS `HelloVerifyRequest`/`HelloRetryRequest` in WolfSSL
The cookie exchange initiated by HelloVerifyRequest described in section 4.2.1 of RFC 6347 is essential to DoS-protection in DTLS. Unless I'm overlooking something, the WolfSSL documentation does not ...
0
votes
1
answer
347
views
Random lack of connection and message delay in DTLS with OpenSSL
Trying to write a server for DTLS that will currently just output the text that it receives. The working client is taken from https://github.com/stepheny/openssl-dtls-custom-bio and it sends and ...
1
vote
2
answers
326
views
Use your own RTCCertificate
I'm having compatibility issues with WebRTC implementation and our Oracle (AcmePacket) SBC. I think I could work around the issue that they confirmed and will fix somewhere next year, by using a ...
1
vote
1
answer
476
views
DTLS handshaking failure due to SocketException though the socket was never closed manually
Apologies as the question might be a bit vague.
Trying to establish webrtc connection to a webrtc-gateway. While performing the dtls handshaking with accept or connect function, it is throwing ...
1
vote
0
answers
638
views
Implementing DTLS handshake for the Bluetooth low energy devices
I am trying to implement a DTLS handshake between two BLE devices. For this, I wanted to use the L2CAP channel of the BLE to communicate with the messages coming from the DTLS. Basically, I want to ...
0
votes
1
answer
743
views
DTLS on Android
I recently discovered DTLS, however can't seem to find any Android libraries or APIs for its use akin to what SSLSocket is for TLS/SSL. I'm fairly new to Android dev, so any tutorials or posts would ...
0
votes
0
answers
26
views
Do Browsers generate self signed certificate for WebRTC sessions? [duplicate]
I have two Web browsers talking to one another over WebRTC. WebRTC uses DTLS for securing the communication. So do the browsers generate their own self-signed certificates and send it to their peer ...
2
votes
1
answer
4k
views
Python3 DTLS Server/Client
I am planning to implement a "simple" DTLS tool in python3, which is able to initiate (client) and accept DTLS (server) connections with a PSK as a PoC (later on I am planning to extend it ...