Hi Scott,
Thank you very much for the feedback. I filed a feature request:
https://bugs.openjdk.java.net/browse/JDK-8250643. Please keep track of
the status.
Thanks,
Xuelei
On 7/27/2020 1:24 PM, Scott Palmer wrote:
My goal is implementing a server that can stream video to a browser using the
WebRTC standard. WebRTC has good browser support and requires only a few lines
of JavaScript code on the client side making it an ideal means to send
low-latency video. It has many advantages over other mechanisms like HLS.
I got quite far into it, getting bits and pieces of WebRTC implemented in Java.
This includes exchanging SDP Offer/Answer messages and initiating ICE/STUN/TURN
protocols to establish connectivity.
At that point WebRTC requires a DTLS handshake that includes the use_srtp
extension in both the Client and Server Hello messages. (For media connections
anyway.)
I found some sample code for implementing DTLS in Java (DTLSOverDatagram.java
from bug 8043758) and tried to make it work. That’s when I discovered that the
use_srtp extension was not supported. I could find no way of implementing it
myself using the existing classes in the JDK (SSLEngine).
I had hoped, since WebRTC was explicitly called out as motivation for
implementing DTLS, that the subsequent DTLS support would actually be usable to
make a WebRTC media connection. It seems that while steps were made toward that
goal, it wasn’t enough to get there. See the link in my initial message to RFC
5764 (section 4.1) for more information.
Other implementations of WebRTC in Java (e.g. Jitsi) are forced to use the
popular Bouncy Castle libraries and implement DTLS without any support from the
core Java classes. That is the direction I’m pursuing now, while trying to keep
things light-weight. (The Jitsi platform is massive and very poorly documented.)
On another note, it would be really great if creating a certificate was
supported in Java SSE. The code is there in the JDK to support keytool, but not
as a publicly accessible API. A self-signed certificate is used by WebRTC.
Thank you very much for your consideration.
Scott
On Jul 27, 2020, at 11:44 AM, Xuelei Fan <xuelei....@oracle.com> wrote:
Hi Scott,
Thanks for the feedback. May I have more information if there is a real
project/requirement for the use_srtp extension? It would help me plan the
priority for the support.
I'm thinking about supporting more flexible extension customization, but for
now it is not easy to add an extension from the application level.
Thanks,
Xuelei
On 7/20/2020 11:00 AM, Scott Palmer wrote:
When DTLS support was added in https://bugs.openjdk.java.net/browse/JDK-8043758
DTLS-SRTP and WebRTC were specifically mentioned in the motivation. However,
DTLS-SRTP requires the ‘use_srtp’ extension to be in the handshake.
(https://tools.ietf.org/html/rfc5764#section-4.1)
It appears that extension is still not supported as of JDK 14.
Is support for “use_srtp” planned?
Is there any way to add extensions to the handshake from the application level?
If not, are there any plans to add a mechanism that would allow such
customization of the extensions used by the SSLEngine?
Scott