[libnice] TLS support

Olivier Crête olivier.crete at collabora.com
Thu Dec 1 20:06:40 UTC 2016


libnice doesn't really support TLS. If you ask that, it only creates
the Google fake SSL, where it sends a pre-canned SSL header, the server
sends back another, then it's all unencrypted, the goal is to confuse
enterprise proxies.

Implementing the real TURN TLS would be a really nice feature. But it's
not a full security solution, as it only protect the leg between you
and the TURN server, the TURN server can very well forward everything
unencrypted on the other side. If you want end-to-end encryption, you
need to use something like SRTP or DTLS-SRTP.


On Thu, 2016-12-01 at 16:27 +0000, Tom Chen wrote:
> Hello,
> I am wondering whether libnice supports TLS stream to TURN server? 
> I see NICE_RELAY_TYPE_TURN_TLS flag for Type of TURN server, so, TURN
> TLS is supported by libnice? I am also wondering how to load
> TLS certificate to setup secure communication with PBX?
> Tom
> _______________________________________________
> nice mailing list
> nice at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/nice
Olivier Crête
olivier.crete at collabora.com

More information about the nice mailing list