[Nice] DTLS support with libnice

Rajarshi Chaudhuri Rajarshi.Chaudhuri at genesyslab.com
Tue Aug 20 00:35:24 PDT 2013

Hello -

We  are working on WebRTC and have our own WebRTC gateway. For ICE, we use libnice in our gateway. As you know WebRTC uses SRTP and in WebRTC there are two approaches to keying SRTP - sending the key over the signaling channel, or generating the key in the media path.

The former we support (SDES) - now for the latter we need to support DTLS-SRTP (media path key agreement performed during the DTLS handshake). The DTLS handshake supposed to occur after ICE connectivity checks are completed and candidate pair chosen for the media session.

Now - supporting DTLS on a UDP socket is reasonably straight forward using open-ssl (or others). However, for this to work, we need access to the actual UDP socket, but that's not the case with libnice.  Because DTLS handshaking is also going on the same socket, open-ssl needs to first receive the message, and we should get/write any data using SSL_read/SSL_write functions.  On the other hand, with ICE, libnice handles all the UDP messages and processes the STUN messages.

So my question - is  there a way to access the UDP sockets used by libnice so that we could set up DTLS [using open-ssl]. Note that, once DTLS handshake is completed, though the actual data is not sent as DTLS records with SRTP, the data may still need to be sent using SSL_write() - see http://tools.ietf.org/html/rfc5764#section-5.1.1. Also on receiving, as described in section 5.1.2 of the same RFC, we need to handle SRTP and DTLS messages, and the latter needs to be handled by open-ssl.

Is there other ways of supporting DTLS in libnice directly?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/nice/attachments/20130820/67ca8e04/attachment.html>

More information about the nice mailing list