Hi Alexander, I think we would need to see the SDP for the matching call. The SDP should tell you which side of the call got negotiated as the DTLS server and client. Which version of Firefox do you see this problem with?
Looking at our code briefly it potentially could be that Firefox does send such an Alert in case it is the DTLS server and never receives a Client Hello. Best regards Nils Ohlmeier > On Aug 31, 2016, at 11:58, Alexander Abagian <[email protected]> wrote: > > Hi all, > > In random cases, when Firefox webrtc client connects to the media server, I'm > getting a DTLS handshake for the video channel (only) fails with DTLS v1.2 > alert "illegal parameter". What is strange, that this alert is the first DTLS > message in the whole DTLS handshake session; and never appears in audio > channel (we use separate audio and video connections). > > RFC tells : > > illegal_parameter > A field in the handshake was out of range or inconsistent with > other fields. This message is always fatal. > > But the alert message is the first one ! Could it be a reaction not to a > incoming DTLS, but to a wrong DTLS-related configurations in Firefox SDP ? > > The server uses DTLS v1.0. > > Wireshark log: > filter: ip.addr == 192.168.125.138 && dtls > > 5202 16:10:02.859969 192.168.125.39 50423 192.168.125.138 57 > DTLSv1.2 Alert (Level: Fatal, Description: Illegal Parameter) 9001 > 5223 16:10:03.060687 192.168.125.138 9001 192.168.125.39 263 > DTLSv1.0 Client Hello 50423 > 5255 16:10:03.353462 192.168.125.138 8001 192.168.125.39 263 > DTLSv1.0 Client Hello 52713 > 5259 16:10:03.357654 192.168.125.39 52713 192.168.125.138 681 > DTLSv1.0 Server Hello, Certificate, Server Key Exchange, Certificate > Request, Server Hello Done 8001 > 5262 16:10:03.383612 192.168.125.138 8001 192.168.125.39 298 > DTLSv1.0 Certificate (Fragment) 52713 > 5263 16:10:03.391366 192.168.125.138 8001 192.168.125.39 298 > DTLSv1.0 Certificate (Reassembled), Client Key Exchange (Fragment) > 52713 > 5265 16:10:03.497471 192.168.125.138 8001 192.168.125.39 278 > DTLSv1.0 Client Key Exchange (Reassembled), Certificate Verify 52713 > 5266 16:10:03.497691 192.168.125.138 8001 192.168.125.39 133 > DTLSv1.0 Change Cipher Spec, Encrypted Handshake Message 52713 > 5273 16:10:03.502496 192.168.125.39 52713 192.168.125.138 133 > DTLSv1.0 Change Cipher Spec, Encrypted Handshake Message 8001 > 5485 16:10:05.002177 192.168.125.138 9001 192.168.125.39 263 > DTLSv1.0 Client Hello 50423 > 6012 16:10:09.001930 192.168.125.138 9001 192.168.125.39 263 > DTLSv1.0 Client Hello 50423 > 6928 16:10:16.992382 192.168.125.138 9001 192.168.125.39 263 > DTLSv1.0 Client Hello 50423 > 8791 16:10:32.971012 192.168.125.138 9001 192.168.125.39 263 > DTLSv1.0 Client Hello 50423 > _______________________________________________ > dev-media mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-media
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ dev-media mailing list [email protected] https://lists.mozilla.org/listinfo/dev-media
