Posted to user@openmeetings.apache.org by Online Use <fo...@yahoo.com> on 2020/07/12 06:47:50 UTC

RTMPS security

Hello,
Is RTMPS enabled by default once SSL is implemented?
I know red5 is not supported for M4 release, but how to enable RTMPS for audio/video encryption?
I understand red5 is only needed for IP telephone not for PC voip, is that correct?

Re: RTMPS security

Posted by Online Use <fo...@yahoo.com>.
 Dear All,
Is anybody able to do a traffic sniffing test?
I haven't done this before; if you can cooperate in this regard it would be appreciated.


    On Wednesday, 29 July 2020 at 10:50:28 PM GMT+2, Online Use <fo...@yahoo.com> wrote:
 
  At least related to Traffic sniffer, to ensure encryption of audio/camera traffic, if you can verify that?

secure connection to KMS is not a big issue as long as it's on the same server as the OM, but it's desirable after all.

    On Monday, 27 July 2020 at 8:15:50 AM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
 I don't have free time right now to do tests
Hopefully someone else can help
On Mon, 27 Jul 2020 at 13:08, Online Use <fo...@yahoo.com> wrote:

 Hello,
Just to follow up, are there any updates regarding test case for the below mentioned points? I just want to make sure where is the issue?
Thank you.

    On Sunday, 19 July 2020 at 8:30:29 AM GMT+2, Online Use <fo...@yahoo.com> wrote:
 
  Yes you are right, I just needed to refresh the page.
So to summarize, I'm waiting for confirmation regarding:
- Use of wss / tls for KMS connection
- Traffic sniffer results, if possible.
Thanks.



    On Sunday, 19 July 2020 at 8:02:52 AM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
 

On Sun, 19 Jul 2020 at 12:41, Online Use <fo...@yahoo.com> wrote:

 I used WebRTC Internals (about:webrtc in Firefox) to log WebRTC activity, but nothing got logged when I opened an audio & video session using OM. Why, if WebRTC is actually utilized?

just have checked using latest FF at Ubuntu 20.04
about:webrtc
and demo-next https://om.alteametasoft.com:8443/next/
WebRTC info is displayed as expected 


    On Sunday, 19 July 2020 at 3:00:25 AM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
 Will do top posting
It seems I wasn't clear enough while describing how everything works
Here is the diagram https://doc-kurento.readthedocs.io/en/stable/user/writing_applications.html#application-architecture (the beautiful one)
As you can see OM is only "control server"
All streams go directly to/via KMS
I'll try to set up secured KMS, but unfortunately have no ETA
I do remember I have difficulties with certificate ....
On Sun, 19 Jul 2020 at 01:23, Online Use <fo...@yahoo.com> wrote:

 
Encryption

Encryption is mandatory part of WebRTC and is enforced on all aspects of establishing and maintaining a connection. It makes it effectively impossible for someone to gain access to the contents of a communication stream because all media streams are securely encrypted through standardized and time-tested encryption protocols. Only those applications with the secret encryption key are able to decode the streams.

The best practice for this is to use perfect forward secrecy (PFS) ciphers in a DTLS (Datagram Transport Layer Security) handshake to securely exchange key data (this is the method Frozen Mountain uses).  For audio and video, key data can then be used to generate AES (Advanced Encryption Standard) keys which are in turn used by SRTP (Secure Real-time Transport Protocol) to encrypt and decrypt the media. This acronym-rich stack of technologies translates to extremely secure connections that are impossible to break with current technology. Both WebRTC and ORTC mandate this particular stack, which is backwards-compatible and interoperable with VoIP systems.
https://www.frozenmountain.com/developers/blog/what-you-need-to-know-about-webrtc-security

Does this apply to the OM system? Because you said you guess audio and video are not encrypted, but since WebRTC is used already in OM, wouldn't that mean encryption is effective already, or is there something missing?



    On Saturday, 18 July 2020 at 8:14:03 PM GMT+2, Online Use <fo...@yahoo.com> wrote:
 
  I have been able to use TLS port and certificates with TURN in the applicationContext.xml file without a problem, but the TURN url doesn't include protocol (https or wss) only the TLS port number. I have actually commented out the non-secure port setting in coturn conf. file. It's working fine, but I'm not sure if the url should contain protocol directive https or wss or none? When I used the https directive I got an error message NS_ERROR_UNEXPECTED. Any comments?
My problem now is with the KMS url, I have specified the TLS port and certificates, but when I use the wss:// protocol I get the error of media server is not accessible. Could someone try to use this secure setting and confirm if it's working properly or not to make sure what is the issue at my end?


    On Saturday, 18 July 2020 at 7:54:31 PM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
 

On Sun, 19 Jul 2020 at 00:26, Online Use <fo...@yahoo.com> wrote:

 Can you please share with me the architecture of the OM system, showing components and interfaces?

we don't have such diagram ATM 

I don't understand how https is secure while the KMS socket is not secure? And what is the role of TURN in securing the connection? What should TURN be used in case of https protocol?

Out-of-the-box OM provides HTTPS which ensures login and all UI actions are secured
KMS out-of-the-box is NOT secured, and it is OM-server-admin task to secure it
TURN is used to be able to negotiate connection with users without real IP
It tries to resolve user IP so direct connection can be established
OR
bypass all WebRTC traffic like SOCKS proxy if IT is NOT resolvable
(I believe you can easily Google above info with much more details)
So if you want fully secured system you have to ensure both KMS and TURN are secured as well

I think security of the system is questionable. Did you try to use wss:// in KMS url to test it before release?

I see no need in such test
We are using KMS API to control connections (drop, create recording chains etc.)
We are not working with audio/video streams directly this is the task of media server


    On Saturday, 18 July 2020 at 6:21:15 PM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
 
On Fri, 17 Jul 2020 at 15:29, Online Use <fo...@yahoo.com> wrote:

 I also used cert and key files for TLS in COTURN, I used https in turnurl in the applicationContext.xml file, but I got an NS_ERROR_UNEXPECTED.
Probably the application itself is not designed to use TLS for Kurento and COTURN?

Not sure which application are you talking about :(
OM doesn't use TURN, WebRTC in browser uses TURN ....




    On Thursday, 16 July 2020 at 12:34:11 PM GMT+2, Online Use <fo...@yahoo.com> wrote:
 
  I found this note in Kurento documentation: https://doc-kurento.readthedocs.io/en/stable/features/security.html
Keep in mind that serving your application through HTTPS, forces you to use WebSockets Secure (WSS) if you are using websockets to control your application server.
So how the OM system is working while the applicationContext.xml used ws:// connection url?

I would check the traffic with some sniffer and then ask KMS devs
From my point of view right now everything works as expected
OM uses HTTPS and wss for internal websocket messages
AND it has KMS at ws URL ....

Is it secure enough to use https in the browser without using wss connection? Are all media streams including audio and video encrypted this way?

I guess audio/video is NOT encrypted
this is why i wrote you need to secure KMS ....


Moreover, I edited the kurento.conf.json file to include path to the certificate file, and edited the applicationContext.xml file to use wss:// with secure port, but the OM raised an error message saying the media server is inaccessible. What is the problem?

I can't say from this description
you have to check
1) KMS logs
2) KMS URL (i guess port will be different in case of wss)
3) OM logs
4) browser console logs and/or browser's WebRTC debugging tools




    On Thursday, 16 July 2020 at 3:26:25 AM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
 

On Tue, 14 Jul 2020 at 13:31, Online Use <fo...@yahoo.com> wrote:

 I installed KMS using podman not docker, I can't find the configuration file path you mentioned, where could it be located?

Unfortunately I can't help here
I never use podman

So the steps are to edit the kurento.conf.json to enable secure connection, then to edit the applicationContext.xml file to use wss:// instead of ws:// in Kurento url, right?

most probably you will need to create certificate for KMS (never did it myself, so you will have to experiment here)


In a previous reply you mentioned that:
In WebRTC tunneling is made by front-end proxy (the config is not trivial)
OR with TURN server if user is behind strict FW
So how to enable WebRTC tunneling with TURN server?


TURN server was designed to unhide user IP address (so tunneling is not necessary)
Or to proxy WebRTC
So it will work out-of-the-box

    On Tuesday, 14 July 2020 at 4:21:54 AM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
 

On Mon, 13 Jul 2020 at 14:11, Online Use <fo...@yahoo.com> wrote:

 I tried using wss:// protocol in Kurento url in the ApplicationContext.xml file, but in this case the media server wasn't accessible. So how the wss protocol is supposed to be used?

You have to configure KMS to be secured BEFORE you make changes to applicationContext.xml
please check /etc/kurento/kurento.conf.json
And official KMS documentation

Also how to configure tunneling with the TURN server?
Thank you.

    On Monday, 13 July 2020 at 6:55:48 AM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
 

On Sun, 12 Jul 2020 at 23:46, Online Use <fo...@yahoo.com> wrote:

 Excuse me, but what is wss?

You can easily google this
WSS is secured version of WS
both WS and WSS are protocol prefix for WebSockets

Will SSL and wss provide tunneling of audio and video streaming like RTMPS?

RTMPS doesn't provide tunneling, you need RTMPTS for tunneling
And NO
In WebRTC tunneling is made by front-end proxy (the config is not trivial)
OR with TURN server if user is behind strict FW

Don't you have any plans for including red5 and RTMPS in future releases? What is the alternative technology?

NO
RTMP is part of Adobe Flash which is discontinued
This is why we have moved from RTMP to WebRTC

Thanks.

    On Sunday, 12 July 2020 at 3:36:57 PM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
 RTMP/RTMPT/RTMPS is for 4.0.x only
for 5.0.x+ you need to secure KMS i.e. set up certificate and use wss :))
On Sun, 12 Jul 2020 at 13:48, Online Use <fo...@yahoo.com> wrote:

Hello,
Is RTMPS enabled by default once SSL is implemented?
I know red5 is not supported for M4 release, but how to enable RTMPS for audio/video encryption?
I understand red5 is only needed for IP telephone not for PC voip, is that correct?



-- 
Best regards,
Maxim    
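
The traffic-sniffer check requested in the message above, as an added example (not part of any poster's message and not OpenMeetings or Kurento code): given payloads already extracted from a capture, it tells a plaintext ws:// control connection from a TLS one and checks whether RTP on a media flow was preceded by a DTLS handshake, the key exchange WebRTC uses for SRTP. The function names, port 8888, the /kurento path and all sample bytes are constructed for illustration.

```python
"""Classify captured payloads from an OM/KMS host (constructed sample data)."""

STUN_COOKIE = b"\x21\x12\xa4\x42"  # fixed magic cookie in every STUN message


def classify_udp(payload: bytes) -> str:
    """First-byte demultiplexing of a WebRTC media port (RFC 7983)."""
    if not payload:
        return "unknown"
    first = payload[0]
    if first <= 3 and len(payload) >= 20 and payload[4:8] == STUN_COOKIE:
        return "stun"
    if 20 <= first <= 63:
        # DTLS record: content type, then version 0xfeff (1.0) or 0xfefd (1.2)
        if len(payload) >= 3 and payload[1] == 0xFE and payload[2] in (0xFF, 0xFD):
            return "dtls-handshake" if first == 22 else "dtls"
        return "unknown"
    if 128 <= first <= 191 and len(payload) >= 8:
        # RTP/RTCP version 2; a second byte of 192..223 marks RTCP (RFC 5761)
        return "rtcp" if 192 <= payload[1] <= 223 else "rtp"
    return "unknown"


def media_verdict(packets: list) -> str:
    """Verdict for one UDP flow; packets are payloads in capture order."""
    keyed = False
    for payload in packets:
        kind = classify_udp(payload)
        if kind == "dtls-handshake":
            keyed = True
        elif kind in ("rtp", "rtcp"):
            # Media without a prior DTLS handshake has no SRTP keys to use.
            return "srtp-after-dtls" if keyed else "rtp-without-dtls"
    return "no-media-seen"


def classify_control(first_bytes: bytes) -> str:
    """First client-to-server bytes of the TCP connection to the KMS port."""
    if len(first_bytes) >= 3 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03:
        return "tls"  # TLS handshake record, consistent with wss://
    head = first_bytes.split(b"\r\n\r\n", 1)[0].lower()
    if head.startswith(b"get ") and b"upgrade: websocket" in head:
        return "plaintext-websocket"  # readable HTTP upgrade, i.e. ws://
    return "unknown"


def audit(control_first_bytes: bytes, media_flows: dict) -> dict:
    """Combine both checks into one report keyed by flow name."""
    report = {"control": classify_control(control_first_bytes)}
    for name, packets in media_flows.items():
        report[name] = media_verdict(packets)
    return report


# --- Constructed sample payloads (not taken from a real capture) ---
SAMPLE_STUN = b"\x00\x01\x00\x00" + STUN_COOKIE + bytes(12)
SAMPLE_DTLS_HELLO = b"\x16\xfe\xfd" + bytes(8) + b"\x00\x04" + bytes(4)
SAMPLE_RTP = b"\x80\x6f\x00\x01" + bytes(4) + b"\x12\x34\x56\x78" + b"\xaa" * 20
SAMPLE_RTCP = b"\x80\xc8\x00\x06" + bytes(24)
SAMPLE_WS_UPGRADE = (
    b"GET /kurento HTTP/1.1\r\nHost: 127.0.0.1:8888\r\n"
    b"Upgrade: websocket\r\nConnection: Upgrade\r\n\r\n"
)
SAMPLE_TLS_HELLO = b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"

if __name__ == "__main__":
    flows = {
        "browser-to-kms": [SAMPLE_STUN, SAMPLE_DTLS_HELLO, SAMPLE_RTP, SAMPLE_RTCP],
        "bare-rtp": [SAMPLE_STUN, SAMPLE_RTP],
    }
    for key, value in audit(SAMPLE_WS_UPGRADE, flows).items():
        print(f"{key}: {value}")
```

An RTP header stays readable even under SRTP, so the header alone cannot show whether the payload is encrypted; the DTLS handshake on the same flow is the observable evidence of keying.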

Re: RTMPS security

Posted by Online Use <fo...@yahoo.com>.
 At least related to Traffic sniffer, to ensure encryption of audio/camera traffic, if you can verify that?

secure connection to KMS is not a big issue as long as it's on the same server as the OM, but it's desirable after all.


Re: RTMPS security

Posted by Maxim Solodovnik <so...@gmail.com>.
I don't have free time right now to do tests
Hopefully someone else can help

On Mon, 27 Jul 2020 at 13:08, Online Use <fo...@yahoo.com>
wrote:

> Hello,
>
> Just to follow up, is there any updates regarding test case for the below
> mentioned points? I just want to make sure where is the issue?
>
> Thank you.
>
>
> بتاريخ الأحد، 19 تموز 2020 8:30:29 ص غرينتش+2، Online Use <
> foronlineuseemail@yahoo.com> كتب:
>
>
> Yes you are right, I just needed to refresh the page.
>
> So to summarize, I'm waiting for confirmation regarding:
>
> - Use of wss / tls for KMS connection
> - Traffic sniffer results, if possible.
>
> Thanks.
>
>
>
> بتاريخ الأحد، 19 تموز 2020 8:02:52 ص غرينتش+2، Maxim Solodovnik <
> solomax666@gmail.com> كتب:
>
>
>
>
> On Sun, 19 Jul 2020 at 12:41, Online Use <fo...@yahoo.com>
> wrote:
>
> I used WebRTC Internals (about:webrtc in Firefox) to log WebRTC activity,
> but nothing got logged when I opened an audio & video session using OM.
> Why, if WebRTC is actually utilized?
>
>
> just have checked using latest FF at Ubuntu 20.04
> about:webrtc
> and demo-next https://om.alteametasoft.com:8443/next/
>
> WebRTC info is displayed as expected
>
>
>
>
> بتاريخ الأحد، 19 تموز 2020 3:00:25 ص غرينتش+2، Maxim Solodovnik <
> solomax666@gmail.com> كتب:
>
>
> Will do top posting
>
> It seems I wasn't clear enough while describing how everything works
> Here is the diagram
> https://doc-kurento.readthedocs.io/en/stable/user/writing_applications.html#application-architecture (the
> beautiful one)
> As you can see OM is only "control server"
> All streams goes directly to/via KMS
>
> I'll try to set up secured KMS, but unfortunately have no ETA
> I do remember I have difficulties with certificate ....
>
> On Sun, 19 Jul 2020 at 01:23, Online Use <fo...@yahoo.com>
> wrote:
>
> Encryption
>
> Encryption is mandatory part of WebRTC and is enforced on all aspects of
> establishing and maintaining a connection. It makes it effectively
> impossible for someone to gain access to the contents of a communication
> stream because all media streams are securely encrypted through
> standardized and time-tested encryption protocols. Only those applications
> with the secret encryption key are able to decode the streams.
>
> The best practice for this is to use perfect forward secrecy (PFS) ciphers
> in a DTLS (Datagram Transport Layer Security) handshake to securely
> exchange key data (this is the method Frozen Mountain uses).  For audio and
> video, key data can then be used to generate AES (Advanced Encryption
> Standard) keys which are in turn used by SRTP (Secure Real-time Transport
> Protocol) to encrypt and decrypt the media. This acronym-rich stack of
> technologies translates to extremely secure connections that are impossible
> to break with current technology. Both WebRTC and ORTC mandate this
> particular stack, which is backwards-compatible and interoperable with VoIP
> systems.
>
> https://www.frozenmountain.com/developers/blog/what-you-need-to-know-about-webrtc-security
>
>
> Does this apply to the OM system? because you said you guess audio and
> video are not encrypted, but since WebRTC is used already in OM, wouldn't
> that mean encryption is effective already, or it there something missing?
>
>
>
>
> بتاريخ السبت، 18 تموز 2020 8:14:03 م غرينتش+2، Online Use <
> foronlineuseemail@yahoo.com> كتب:
>
>
> I have been able to use TLS port and certificates with TURN in the
> applicationContext.xml file without a problem, but the TURN url doesn't
> include protocol (https or wss) only the TLS port number. I have actually
> commented out the non-secure port setting in coturn conf. file. It's
> working fine, but I'm not sure if the url should contain protocol directive
> https or wss or none? When I used the https directive I got an error
> message NS_ERROR_UNEXPECTED. Any comments?
>
> My problem now is with the KMS url, I have specified the TLS port and
> certificates, but when I use the wss:// protocol I get the error of media
> server is not accessible. Could someone try to use this secure setting and
> confirm if it's working properly or not to make sure what is the issue at
> my end?
>
>
>
> بتاريخ السبت، 18 تموز 2020 7:54:31 م غرينتش+2، Maxim Solodovnik <
> solomax666@gmail.com> كتب:
>
>
>
>
> On Sun, 19 Jul 2020 at 00:26, Online Use <fo...@yahoo.com>
> wrote:
>
> Can you please share with me the architecture of the OM system, showing
> components and interfaces?
>
>
> we don't have such diagram ATM
>
>
>
> I don't understand how https is secure while the KMS socket is not secure?
> And what is the role of TURN in securing the connection? What should TURN
> be used in case of https protocol?
>
>
> Out-of-the-box OM provides HTTPS which ensures login and all UI actions
> are secured
> KMS out-of-the-box is NOT secured, and it is OM-server-admin task to
> secure it
>
> TURN is used to be able to negotiate connection with users without real IP
> It tries to resolve user IP so direct connection can be established
> established
> OR
> bypass all WebRTC traffic like SOCKS proxy if IT is NOT resolvable
> (I believe you can easily Google above info with much more details)
>
> So if you want fully secured system you have to ensure both KMS and TURN
> are secured as well
>
>
>
> I think security of the system is questionable. Did you try to use wss://
> in KMS url to test it before release?
>
>
> I see no need in such test
> We are using KMS API to control connections (drop, create recording chains
> etc.)
> We are not working with audio/video streams directly this is the task of
> media server
>
>
>
>
> بتاريخ السبت، 18 تموز 2020 6:21:15 م غرينتش+2، Maxim Solodovnik <
> solomax666@gmail.com> كتب:
>
>
>
> On Fri, 17 Jul 2020 at 15:29, Online Use <fo...@yahoo.com>
> wrote:
>
> I also used cert and key files for TLS in COTURN, I used https in turnurl
> in the applicationContext.xml file, but I got and NS_ERROR_UNEXPECTED.
>
> Probably the application itself is not designed to use TLS for Kurento and
> COTURN?
>
>
> Not sure which application are you talking about :(
> OM doesn't use TURN, WebRTC in browser uses TURN ....
>
>
>
>
> بتاريخ الخميس، 16 تموز 2020 12:34:11 م غرينتش+2، Online Use <
> foronlineuseemail@yahoo.com> كتب:
>
>
> I found this note in Kurento documentation:
> https://doc-kurento.readthedocs.io/en/stable/features/security.html
>
> *Keep in mind that serving your application through HTTPS, forces you to
> use WebSockets Secure (WSS) if you are using websockets to control your
> application server.*
>
> So how the OM system is working while the applicationContext.xml used
> ws:// connection url?
>
>
> I would check the traffic with some sniffer and the ask KMS devs
> From my point of view right now everything works as expected
> OM uses HTTPS and wss for internal websocket messages
> AND it has KMS at ws URL ....
>
>
>
> Is it secure enough to use https in the browser without using wss
> connection? Are all media streams including audio and video encrypted this
> way?
>
>
> I guess audio/video is NOT encrypted
> this is why i wrote you need to secure KMS ....
>
>
>
>
> Moreover, I edited the kurento.conf.json file to include path to the
> certificate file, and edited the applicationContext.xml file to use
> wss:// with secure port, but the OM raised an error message saying the
> media server is inaccessible. What is the porblem?
>
>
> I can't say from this description
> you have to check
> 1) KMS logs
> 2) KMS URL (i guess port will be different in case of wss)
> 3) OM logs
> 4) browser console logs and/or browser's WebRTC debugging tools
>
>
>
>
>
>
> بتاريخ الخميس، 16 تموز 2020 3:26:25 ص غرينتش+2، Maxim Solodovnik <
> solomax666@gmail.com> كتب:
>
>
>
>
> On Tue, 14 Jul 2020 at 13:31, Online Use <fo...@yahoo.com>
> wrote:
>
> I installed KMS using podman not docker, I can't find the configuration
> file path you mentioned, where could it be located?
>
>
> Unfortunately I can't help here
> I neve use podman
>
>
>
> So the steps are to edit the kurento.conf.json to enable secure
> connection, then to edit the applicatonContext.xml file to use wss//
> instead of ws:// in Kurento url, right?
>
>
> most probably you will need to create certificate for KMS (never did it
> myself, so you will have to experiment here)
>
>
>
>
> In a previous reply you mentioned that:
> In WebRTC tunneling is made by front-end proxy (the config is not trivial)
> OR with TURN server if user is behind strict FW
>
> So how to enable WebRTC tunneling with TURN server?
>
>
> TURN server was designed fo unhide user IP address (so tunneling is not
> necessary)
> Or to proxy WebRTC
> So it will work out-of-the-box
>
>
>
> بتاريخ الثلاثاء، 14 تموز 2020 4:21:54 ص غرينتش+2، Maxim Solodovnik <
> solomax666@gmail.com> كتب:
>
>
>
>
> On Mon, 13 Jul 2020 at 14:11, Online Use <fo...@yahoo.com>
> wrote:
>
> I tried using wss:// protocol in Kurento url in the ApplicationContext.xml
> file, but in this case the media server wasn't accessible. So how the wss
> protocol is supposed to be used?
>
>
> You have to configure KMS to be secured BEFORE you you will made changes
> to applicationContext.xml
>
> please check /etc/kurento/kurento.conf.json
> And official KMS documentation
>
>
>
> Also how to configure tunneling with the TURN sever?
>
> Thank you.
>
>
> بتاريخ الاثنين، 13 تموز 2020 6:55:48 ص غرينتش+2، Maxim Solodovnik <
> solomax666@gmail.com> كتب:
>
>
>
>
> On Sun, 12 Jul 2020 at 23:46, Online Use <fo...@yahoo.com>
> wrote:
>
> Excuse me, but what is wss?
>
>
> You can easily google this
> WSS is secured version of WS
> both WS and WSS are protocol prefix for WebSockets
>
>
>
> Will SSL and wss provide tunneling of audio and video streaming like RTMPS?
>
>
> RTMPS doesn't provide tunneling, you need RTMPTS for tunneling
> And NO
> In WebRTC tunneling is made by front-end proxy (the config is not trivial)
> OR with TURN server if user is behind strict FW
>
>
>
> Don't you have any plans for including red5 and RTMPS in future releases?
> What is the alternative technology?
>
>
> NO
> RTMP is part of Adobe Flash which is discontinued
>  This is why we have moved from RTMP to WebRTC
>
>
> Thanks.
>
>
> On Sunday, 12 July 2020 3:36:57 PM GMT+2, Maxim Solodovnik <
> solomax666@gmail.com> wrote:
>
>
> RTMP/RTMPT/RTMPS is for 4.0.x only
> for 5.0.x+ you need to secure KMS i.e. set up certificate and use wss :))
>
> On Sun, 12 Jul 2020 at 13:48, Online Use <fo...@yahoo.com>
> wrote:
>
> Hello,
>
> Is RTMPS enabled by default once SSL is implemented?
>
> I know red5 is not supported for M4 release, but how to enable RTMPS for
> audio/video encryption?
>
> I understand red5 is only needed for IP telephone not for PC voip, is that
> correct?
>
>
>


-- 
Best regards,
Maxim

Re: RTMPS security

Posted by Online Use <fo...@yahoo.com>.
 Hello,
Just to follow up, are there any updates regarding test case for the below mentioned points? I just want to make sure where is the issue?
Thank you.

On Sunday, 19 July 2020 8:30:29 AM GMT+2, Online Use <fo...@yahoo.com> wrote:

Yes you are right, I just needed to refresh the page.
So to summarize, I'm waiting for confirmation regarding:
- Use of wss / tls for KMS connection
- Traffic sniffer results, if possible.
Thanks.



On Sunday, 19 July 2020 8:02:52 AM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
 

On Sun, 19 Jul 2020 at 12:41, Online Use <fo...@yahoo.com> wrote:

 I used WebRTC Internals (about:webrtc in Firefox) to log WebRTC activity, but nothing got logged when I opened an audio & video session using OM. Why, if WebRTC is actually utilized?

just have checked using latest FF at Ubuntu 20.04
about:webrtc
and demo-next https://om.alteametasoft.com:8443/next/
WebRTC info is displayed as expected 


On Sunday, 19 July 2020 3:00:25 AM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:

Will do top posting
It seems I wasn't clear enough while describing how everything works
Here is the diagram https://doc-kurento.readthedocs.io/en/stable/user/writing_applications.html#application-architecture (the beautiful one)
As you can see OM is only "control server"
All streams go directly to/via KMS
I'll try to set up secured KMS, but unfortunately have no ETA
I do remember I have difficulties with certificate ....
On Sun, 19 Jul 2020 at 01:23, Online Use <fo...@yahoo.com> wrote:

 
Encryption

Encryption is mandatory part of WebRTC and is enforced on all aspects of establishing and maintaining a connection. It makes it effectively impossible for someone to gain access to the contents of a communication stream because all media streams are securely encrypted through standardized and time-tested encryption protocols. Only those applications with the secret encryption key are able to decode the streams.

The best practice for this is to use perfect forward secrecy (PFS) ciphers in a DTLS (Datagram Transport Layer Security) handshake to securely exchange key data (this is the method Frozen Mountain uses).  For audio and video, key data can then be used to generate AES (Advanced Encryption Standard) keys which are in turn used by SRTP (Secure Real-time Transport Protocol) to encrypt and decrypt the media. This acronym-rich stack of technologies translates to extremely secure connections that are impossible to break with current technology. Both WebRTC and ORTC mandate this particular stack, which is backwards-compatible and interoperable with VoIP systems.
https://www.frozenmountain.com/developers/blog/what-you-need-to-know-about-webrtc-security

Does this apply to the OM system? Because you said you guess audio and video are not encrypted, but since WebRTC is used already in OM, wouldn't that mean encryption is effective already, or is there something missing?



On Saturday, 18 July 2020 8:14:03 PM GMT+2, Online Use <fo...@yahoo.com> wrote:
 
  I have been able to use TLS port and certificates with TURN in the applicationContext.xml file without a problem, but the TURN url doesn't include protocol (https or wss) only the TLS port number. I have actually commented out the non-secure port setting in coturn conf. file. It's working fine, but I'm not sure if the url should contain protocol directive https or wss or none? When I used the https directive I got an error message NS_ERROR_UNEXPECTED. Any comments?
My problem now is with the KMS url, I have specified the TLS port and certificates, but when I use the wss:// protocol I get the error of media server is not accessible. Could someone try to use this secure setting and confirm if it's working properly or not to make sure what is the issue at my end?


On Saturday, 18 July 2020 7:54:31 PM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
 

On Sun, 19 Jul 2020 at 00:26, Online Use <fo...@yahoo.com> wrote:

 Can you please share with me the architecture of the OM system, showing components and interfaces?

we don't have such diagram ATM 

I don't understand how https is secure while the KMS socket is not secure? And what is the role of TURN in securing the connection? What should TURN be used in case of https protocol?

Out-of-the-box OM provides HTTPS which ensures login and all UI actions are secured
KMS out-of-the-box is NOT secured, and it is OM-server-admin task to secure it
TURN is used to be able to negotiate connection with users without real IP
It tries to resolve user IP so direct connection can be established
OR
bypass all WebRTC traffic like SOCKS proxy if IT is NOT resolvable
(I believe you can easily Google above info with much more details)
So if you want fully secured system you have to ensure both KMS and TURN are secured as well 

I think security of the system is questionable. Did you try to use wss:// in KMS url to test it before release?

I see no need in such test
We are using KMS API to control connections (drop, create recording chains etc.)
We are not working with audio/video streams directly this is the task of media server


On Saturday, 18 July 2020 6:21:15 PM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
 
On Fri, 17 Jul 2020 at 15:29, Online Use <fo...@yahoo.com> wrote:

I also used cert and key files for TLS in COTURN, I used https in turnurl in the applicationContext.xml file, but I got an NS_ERROR_UNEXPECTED.
Probably the application itself is not designed to use TLS for Kurento and COTURN?

Not sure which application are you talking about :(
OM doesn't use TURN, WebRTC in browser uses TURN ....




On Thursday, 16 July 2020 12:34:11 PM GMT+2, Online Use <fo...@yahoo.com> wrote:
 
  I found this note in Kurento documentation: https://doc-kurento.readthedocs.io/en/stable/features/security.html
Keep in mind that serving your application through HTTPS, forces you to use WebSockets Secure (WSS) if you are using websockets to control your application server.
So how the OM system is working while the applicationContext.xml used ws:// connection url?

I would check the traffic with some sniffer and then ask KMS devs
From my point of view right now everything works as expected
OM uses HTTPS and wss for internal websocket messages
AND it has KMS at ws URL ....

Is it secure enough to use https in the browser without using wss connection? Are all media streams including audio and video encrypted this way?

I guess audio/video is NOT encrypted
this is why i wrote you need to secure KMS ....


Moreover, I edited the kurento.conf.json file to include path to the certificate file, and edited the applicationContext.xml file to use wss:// with secure port, but the OM raised an error message saying the media server is inaccessible. What is the problem?

I can't say from this description
you have to check
1) KMS logs
2) KMS URL (i guess port will be different in case of wss)
3) OM logs
4) browser console logs and/or browser's WebRTC debugging tools




On Thursday, 16 July 2020 3:26:25 AM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
 

On Tue, 14 Jul 2020 at 13:31, Online Use <fo...@yahoo.com> wrote:

 I installed KMS using podman not docker, I can't find the configuration file path you mentioned, where could it be located?

Unfortunately I can't help here
I never use podman

So the steps are to edit the kurento.conf.json to enable secure connection, then to edit the applicationContext.xml file to use wss:// instead of ws:// in Kurento url, right?

most probably you will need to create certificate for KMS (never did it myself, so you will have to experiment here) 


In a previous reply you mentioned that:
In WebRTC tunneling is made by front-end proxy (the config is not trivial)
OR with TURN server if user is behind strict FW
So how to enable WebRTC tunneling with TURN server?


TURN server was designed to unhide user IP address (so tunneling is not necessary)
Or to proxy WebRTC
So it will work out-of-the-box

On Tuesday, 14 July 2020 4:21:54 AM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
 

On Mon, 13 Jul 2020 at 14:11, Online Use <fo...@yahoo.com> wrote:

 I tried using wss:// protocol in Kurento url in the ApplicationContext.xml file, but in this case the media server wasn't accessible. So how the wss protocol is supposed to be used?

You have to configure KMS to be secured BEFORE you make changes to applicationContext.xml
please check /etc/kurento/kurento.conf.json
And official KMS documentation

Also how to configure tunneling with the TURN server?
Thank you.

On Monday, 13 July 2020 6:55:48 AM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
 

On Sun, 12 Jul 2020 at 23:46, Online Use <fo...@yahoo.com> wrote:

 Excuse me, but what is wss?

You can easily google this
WSS is secured version of WS
both WS and WSS are protocol prefix for WebSockets

Will SSL and wss provide tunneling of audio and video streaming like RTMPS?

RTMPS doesn't provide tunneling, you need RTMPTS for tunneling
And NO
In WebRTC tunneling is made by front-end proxy (the config is not trivial)
OR with TURN server if user is behind strict FW

Don't you have any plans for including red5 and RTMPS in future releases? What is the alternative technology?

NO
RTMP is part of Adobe Flash which is discontinued
This is why we have moved from RTMP to WebRTC

Thanks.

On Sunday, 12 July 2020 3:36:57 PM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:

RTMP/RTMPT/RTMPS is for 4.0.x only
for 5.0.x+ you need to secure KMS i.e. set up certificate and use wss :))
On Sun, 12 Jul 2020 at 13:48, Online Use <fo...@yahoo.com> wrote:

Hello,
Is RTMPS enabled by default once SSL is implemented?
I know red5 is not supported for M4 release, but how to enable RTMPS for audio/video encryption?
I understand red5 is only needed for IP telephone not for PC voip, is that correct?



-- 
Best regards,
Maxim  



Re: RTMPS security

Posted by Online Use <fo...@yahoo.com>.
 Yes you are right, I just needed to refresh the page.
So to summarize, I'm waiting for confirmation regarding:
- Use of wss / tls for KMS connection
- Traffic sniffer results, if possible.
Thanks.



On Sunday, 19 July 2020 8:02:52 AM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
 

On Sun, 19 Jul 2020 at 12:41, Online Use <fo...@yahoo.com> wrote:

 I used WebRTC Internals (about:webrtc in Firefox) to log WebRTC activity, but nothing got logged when I opened an audio & video session using OM. Why, if WebRTC is actually utilized?

just have checked using latest FF at Ubuntu 20.04
about:webrtc
and demo-next https://om.alteametasoft.com:8443/next/
WebRTC info is displayed as expected 


On Sunday, 19 July 2020 3:00:25 AM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:

Will do top posting
It seems I wasn't clear enough while describing how everything works
Here is the diagram https://doc-kurento.readthedocs.io/en/stable/user/writing_applications.html#application-architecture (the beautiful one)
As you can see OM is only "control server"
All streams go directly to/via KMS
I'll try to set up secured KMS, but unfortunately have no ETA
I do remember I have difficulties with certificate ....
On Sun, 19 Jul 2020 at 01:23, Online Use <fo...@yahoo.com> wrote:

 
Encryption

Encryption is mandatory part of WebRTC and is enforced on all aspects of establishing and maintaining a connection. It makes it effectively impossible for someone to gain access to the contents of a communication stream because all media streams are securely encrypted through standardized and time-tested encryption protocols. Only those applications with the secret encryption key are able to decode the streams.

The best practice for this is to use perfect forward secrecy (PFS) ciphers in a DTLS (Datagram Transport Layer Security) handshake to securely exchange key data (this is the method Frozen Mountain uses).  For audio and video, key data can then be used to generate AES (Advanced Encryption Standard) keys which are in turn used by SRTP (Secure Real-time Transport Protocol) to encrypt and decrypt the media. This acronym-rich stack of technologies translates to extremely secure connections that are impossible to break with current technology. Both WebRTC and ORTC mandate this particular stack, which is backwards-compatible and interoperable with VoIP systems.
https://www.frozenmountain.com/developers/blog/what-you-need-to-know-about-webrtc-security

Does this apply to the OM system? Because you said you guess audio and video are not encrypted, but since WebRTC is used already in OM, wouldn't that mean encryption is effective already, or is there something missing?



On Saturday, 18 July 2020 8:14:03 PM GMT+2, Online Use <fo...@yahoo.com> wrote:
 
  I have been able to use TLS port and certificates with TURN in the applicationContext.xml file without a problem, but the TURN url doesn't include protocol (https or wss) only the TLS port number. I have actually commented out the non-secure port setting in coturn conf. file. It's working fine, but I'm not sure if the url should contain protocol directive https or wss or none? When I used the https directive I got an error message NS_ERROR_UNEXPECTED. Any comments?
My problem now is with the KMS url, I have specified the TLS port and certificates, but when I use the wss:// protocol I get the error of media server is not accessible. Could someone try to use this secure setting and confirm if it's working properly or not to make sure what is the issue at my end?


On Saturday, 18 July 2020 7:54:31 PM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
 

On Sun, 19 Jul 2020 at 00:26, Online Use <fo...@yahoo.com> wrote:

 Can you please share with me the architecture of the OM system, showing components and interfaces?

we don't have such diagram ATM 

I don't understand how https is secure while the KMS socket is not secure? And what is the role of TURN in securing the connection? What should TURN be used in case of https protocol?

Out-of-the-box OM provides HTTPS which ensures login and all UI actions are secured
KMS out-of-the-box is NOT secured, and it is OM-server-admin task to secure it
TURN is used to be able to negotiate connection with users without real IP
It tries to resolve user IP so direct connection can be established
OR
bypass all WebRTC traffic like SOCKS proxy if IT is NOT resolvable
(I believe you can easily Google above info with much more details)
So if you want fully secured system you have to ensure both KMS and TURN are secured as well 

I think security of the system is questionable. Did you try to use wss:// in KMS url to test it before release?

I see no need in such test
We are using KMS API to control connections (drop, create recording chains etc.)
We are not working with audio/video streams directly this is the task of media server


On Saturday, 18 July 2020 6:21:15 PM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
 
On Fri, 17 Jul 2020 at 15:29, Online Use <fo...@yahoo.com> wrote:

I also used cert and key files for TLS in COTURN, I used https in turnurl in the applicationContext.xml file, but I got an NS_ERROR_UNEXPECTED.
Probably the application itself is not designed to use TLS for Kurento and COTURN?

Not sure which application are you talking about :(
OM doesn't use TURN, WebRTC in browser uses TURN ....




On Thursday, 16 July 2020 12:34:11 PM GMT+2, Online Use <fo...@yahoo.com> wrote:
 
  I found this note in Kurento documentation: https://doc-kurento.readthedocs.io/en/stable/features/security.html
Keep in mind that serving your application through HTTPS, forces you to use WebSockets Secure (WSS) if you are using websockets to control your application server.
So how the OM system is working while the applicationContext.xml used ws:// connection url?

I would check the traffic with some sniffer and then ask KMS devs
From my point of view right now everything works as expected
OM uses HTTPS and wss for internal websocket messages
AND it has KMS at ws URL ....

Is it secure enough to use https in the browser without using wss connection? Are all media streams including audio and video encrypted this way?

I guess audio/video is NOT encrypted
this is why i wrote you need to secure KMS ....


Moreover, I edited the kurento.conf.json file to include path to the certificate file, and edited the applicationContext.xml file to use wss:// with secure port, but the OM raised an error message saying the media server is inaccessible. What is the problem?

I can't say from this description
you have to check
1) KMS logs
2) KMS URL (i guess port will be different in case of wss)
3) OM logs
4) browser console logs and/or browser's WebRTC debugging tools




On Thursday, 16 July 2020 3:26:25 AM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
 

On Tue, 14 Jul 2020 at 13:31, Online Use <fo...@yahoo.com> wrote:

 I installed KMS using podman not docker, I can't find the configuration file path you mentioned, where could it be located?

Unfortunately I can't help here
I never use podman

So the steps are to edit the kurento.conf.json to enable secure connection, then to edit the applicationContext.xml file to use wss:// instead of ws:// in Kurento url, right?

most probably you will need to create certificate for KMS (never did it myself, so you will have to experiment here) 


In a previous reply you mentioned that:
In WebRTC tunneling is made by front-end proxy (the config is not trivial)
OR with TURN server if user is behind strict FW
So how to enable WebRTC tunneling with TURN server?


TURN server was designed to unhide user IP address (so tunneling is not necessary)
Or to proxy WebRTC
So it will work out-of-the-box

On Tuesday, 14 July 2020 4:21:54 AM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
 

On Mon, 13 Jul 2020 at 14:11, Online Use <fo...@yahoo.com> wrote:

 I tried using wss:// protocol in Kurento url in the ApplicationContext.xml file, but in this case the media server wasn't accessible. So how the wss protocol is supposed to be used?

You have to configure KMS to be secured BEFORE you make changes to applicationContext.xml
please check /etc/kurento/kurento.conf.json
And official KMS documentation

Also how to configure tunneling with the TURN server?
Thank you.

On Monday, 13 July 2020 6:55:48 AM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
 

On Sun, 12 Jul 2020 at 23:46, Online Use <fo...@yahoo.com> wrote:

 Excuse me, but what is wss?

You can easily google this
WSS is secured version of WS
both WS and WSS are protocol prefix for WebSockets

Will SSL and wss provide tunneling of audio and video streaming like RTMPS?

RTMPS doesn't provide tunneling, you need RTMPTS for tunneling
And NO
In WebRTC tunneling is made by front-end proxy (the config is not trivial)
OR with TURN server if user is behind strict FW

Don't you have any plans for including red5 and RTMPS in future releases? What is the alternative technology?

NO
RTMP is part of Adobe Flash which is discontinued
This is why we have moved from RTMP to WebRTC

Thanks.

On Sunday, 12 July 2020 3:36:57 PM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:

RTMP/RTMPT/RTMPS is for 4.0.x only
for 5.0.x+ you need to secure KMS i.e. set up certificate and use wss :))
On Sun, 12 Jul 2020 at 13:48, Online Use <fo...@yahoo.com> wrote:

Hello,
Is RTMPS enabled by default once SSL is implemented?
I know red5 is not supported for M4 release, but how to enable RTMPS for audio/video encryption?
I understand red5 is only needed for IP telephone not for PC voip, is that correct?



-- 
Best regards,
Maxim  



Re: RTMPS security

Posted by Maxim Solodovnik <so...@gmail.com>.
On Sun, 19 Jul 2020 at 12:41, Online Use <fo...@yahoo.com>
wrote:

> I used WebRTC Internals (about:webrtc in Firefox) to log WebRTC activity,
> but nothing got logged when I opened an audio & video session using OM.
> Why, if WebRTC is actually utilized?
>

just have checked using latest FF at Ubuntu 20.04
about:webrtc
and demo-next https://om.alteametasoft.com:8443/next/

WebRTC info is displayed as expected


>
>
> On Sunday, 19 July 2020 3:00:25 AM GMT+2, Maxim Solodovnik <
> solomax666@gmail.com> wrote:
>
>
> Will do top posting
>
> It seems I wasn't clear enough while describing how everything works
> Here is the diagram
> https://doc-kurento.readthedocs.io/en/stable/user/writing_applications.html#application-architecture (the
> beautiful one)
> As you can see OM is only "control server"
> All streams go directly to/via KMS
>
> I'll try to set up secured KMS, but unfortunately have no ETA
> I do remember I have difficulties with certificate ....
>
> On Sun, 19 Jul 2020 at 01:23, Online Use <fo...@yahoo.com>
> wrote:
>
> Encryption
>
> Encryption is mandatory part of WebRTC and is enforced on all aspects of
> establishing and maintaining a connection. It makes it effectively
> impossible for someone to gain access to the contents of a communication
> stream because all media streams are securely encrypted through
> standardized and time-tested encryption protocols. Only those applications
> with the secret encryption key are able to decode the streams.
>
> The best practice for this is to use perfect forward secrecy (PFS) ciphers
> in a DTLS (Datagram Transport Layer Security) handshake to securely
> exchange key data (this is the method Frozen Mountain uses).  For audio and
> video, key data can then be used to generate AES (Advanced Encryption
> Standard) keys which are in turn used by SRTP (Secure Real-time Transport
> Protocol) to encrypt and decrypt the media. This acronym-rich stack of
> technologies translates to extremely secure connections that are impossible
> to break with current technology. Both WebRTC and ORTC mandate this
> particular stack, which is backwards-compatible and interoperable with VoIP
> systems.
>
> https://www.frozenmountain.com/developers/blog/what-you-need-to-know-about-webrtc-security
>
>
> Does this apply to the OM system? because you said you guess audio and
> video are not encrypted, but since WebRTC is used already in OM, wouldn't
> that mean encryption is effective already, or is there something missing?
>
>
>
>
> On Saturday, 18 July 2020 8:14:03 PM GMT+2, Online Use <
> foronlineuseemail@yahoo.com> wrote:
>
>
> I have been able to use TLS port and certificates with TURN in the
> applicationContext.xml file without a problem, but the TURN url doesn't
> include protocol (https or wss) only the TLS port number. I have actually
> commented out the non-secure port setting in coturn conf. file. It's
> working fine, but I'm not sure if the url should contain protocol directive
> https or wss or none? When I used the https directive I got an error
> message NS_ERROR_UNEXPECTED. Any comments?
>
> My problem now is with the KMS url, I have specified the TLS port and
> certificates, but when I use the wss:// protocol I get the error of media
> server is not accessible. Could someone try to use this secure setting and
> confirm if it's working properly or not to make sure what is the issue at
> my end?
>
>
>
> On Saturday, 18 July 2020 7:54:31 PM GMT+2, Maxim Solodovnik <
> solomax666@gmail.com> wrote:
>
>
>
>
> On Sun, 19 Jul 2020 at 00:26, Online Use <fo...@yahoo.com>
> wrote:
>
> Can you please share with me the architecture of the OM system, showing
> components and interfaces?
>
>
> we don't have such diagram ATM
>
>
>
> I don't understand how https is secure while the KMS socket is not secure?
> And what is the role of TURN in securing the connection? What should TURN
> be used in case of https protocol?
>
>
> Out-of-the-box OM provides HTTPS which ensures login and all UI actions
> are secured
> KMS out-of-the-box is NOT secured, and it is OM-server-admin task to
> secure it
>
> TURN is used to be able to negotiate connection with users without real IP
> It tries to resolve user IP so direct connection can be established
> OR
> bypass all WebRTC traffic like SOCKS proxy if IT is NOT resolvable
> (I believe you can easily Google above info with much more details)
>
> So if you want fully secured system you have to ensure both KMS and TURN
> are secured as well
>
>
>
> I think security of the system is questionable. Did you try to use wss://
> in KMS url to test it before release?
>
>
> I see no need in such test
> We are using KMS API to control connections (drop, create recording chains
> etc.)
> We are not working with audio/video streams directly this is the task of
> media server
>
>
>
>
> On Saturday, 18 July 2020 6:21:15 PM GMT+2, Maxim Solodovnik <
> solomax666@gmail.com> wrote:
>
>
>
> On Fri, 17 Jul 2020 at 15:29, Online Use <fo...@yahoo.com>
> wrote:
>
> I also used cert and key files for TLS in COTURN, I used https in turnurl
> in the applicationContext.xml file, but I got an NS_ERROR_UNEXPECTED.
>
> Probably the application itself is not designed to use TLS for Kurento and
> COTURN?
>
>
> Not sure which application are you talking about :(
> OM doesn't use TURN, WebRTC in browser uses TURN ....
>
>
>
>
> On Thursday, 16 July 2020 12:34:11 PM GMT+2, Online Use <
> foronlineuseemail@yahoo.com> wrote:
>
>
> I found this note in Kurento documentation:
> https://doc-kurento.readthedocs.io/en/stable/features/security.html
>
> *Keep in mind that serving your application through HTTPS, forces you to
> use WebSockets Secure (WSS) if you are using websockets to control your
> application server.*
>
> So how the OM system is working while the applicationContext.xml used
> ws:// connection url?
>
>
> I would check the traffic with some sniffer and then ask KMS devs
> From my point of view right now everything works as expected
> OM uses HTTPS and wss for internal websocket messages
> AND it has KMS at ws URL ....
>
>
>
> Is it secure enough to use https in the browser without using wss
> connection? Are all media streams including audio and video encrypted this
> way?
>
>
> I guess audio/video is NOT encrypted
> this is why i wrote you need to secure KMS ....
>
>
>
>
> Moreover, I edited the kurento.conf.json file to include path to the
> certificate file, and edited the applicationContext.xml file to use
> wss:// with secure port, but the OM raised an error message saying the
> media server is inaccessible. What is the problem?
>
>
> I can't say from this description
> you have to check
> 1) KMS logs
> 2) KMS URL (i guess port will be different in case of wss)
> 3) OM logs
> 4) browser console logs and/or browser's WebRTC debugging tools
>
>
>
>
>
>
> On Thursday, 16 July 2020 3:26:25 AM GMT+2, Maxim Solodovnik <
> solomax666@gmail.com> wrote:
>
>
>
>
> On Tue, 14 Jul 2020 at 13:31, Online Use <fo...@yahoo.com>
> wrote:
>
> I installed KMS using podman not docker, I can't find the configuration
> file path you mentioned, where could it be located?
>
>
> Unfortunately I can't help here
> I never use podman
>
>
>
> So the steps are to edit the kurento.conf.json to enable secure
> connection, then to edit the applicationContext.xml file to use wss://
> instead of ws:// in Kurento url, right?
>
>
> most probably you will need to create certificate for KMS (never did it
> myself, so you will have to experiment here)
>
>
>
>
> In a previous reply you mentioned that:
> In WebRTC tunneling is made by front-end proxy (the config is not trivial)
> OR with TURN server if user is behind strict FW
>
> So how to enable WebRTC tunneling with TURN server?
>
>
> TURN server was designed to unhide user IP address (so tunneling is not
> necessary)
> Or to proxy WebRTC
> So it will work out-of-the-box
>
>
>
> On Tuesday, 14 July 2020 4:21:54 AM GMT+2, Maxim Solodovnik <
> solomax666@gmail.com> wrote:
>
>
>
>
> On Mon, 13 Jul 2020 at 14:11, Online Use <fo...@yahoo.com>
> wrote:
>
> I tried using wss:// protocol in Kurento url in the ApplicationContext.xml
> file, but in this case the media server wasn't accessible. So how the wss
> protocol is supposed to be used?
>
>
> You have to configure KMS to be secured BEFORE you make changes
> to applicationContext.xml
>
> please check /etc/kurento/kurento.conf.json
> And official KMS documentation
>
>
>
> Also how to configure tunneling with the TURN server?
>
> Thank you.
>
>
> On Monday, 13 July 2020 6:55:48 AM GMT+2, Maxim Solodovnik <
> solomax666@gmail.com> wrote:
>
>
>
>
> On Sun, 12 Jul 2020 at 23:46, Online Use <fo...@yahoo.com>
> wrote:
>
> Excuse me, but what is wss?
>
>
> You can easily google this
> WSS is secured version of WS
> both WS and WSS are protocol prefix for WebSockets
>
>
>
> Will SSL and wss provide tunneling of audio and video streaming like RTMPS?
>
>
> RTMPS doesn't provide tunneling, you need RTMPTS for tunneling
> And NO
> In WebRTC tunneling is made by front-end proxy (the config is not trivial)
> OR with TURN server if user is behind strict FW
>
>
>
> Don't you have any plans for including red5 and RTMPS in future releases?
> What is the alternative technology?
>
>
> NO
> RTMP is part of Adobe Flash which is discontinued
>  This is why we have moved from RTMP to WebRTC
>
>
> Thanks.
>
>
> On Sunday, 12 July 2020 3:36:57 PM GMT+2, Maxim Solodovnik <
> solomax666@gmail.com> wrote:
>
>
> RTMP/RTMPT/RTMPS is for 4.0.x only
> for 5.0.x+ you need to secure KMS i.e. set up certificate and use wss :))
>
> On Sun, 12 Jul 2020 at 13:48, Online Use <fo...@yahoo.com>
> wrote:
>
> Hello,
>
> Is RTMPS enabled by default once SSL is implemented?
>
> I know red5 is not supported for M4 release, but how to enable RTMPS for
> audio/video encryption?
>
> I understand red5 is only needed for IP telephone not for PC voip, is that
> correct?
>
>
>


-- 
Best regards,
Maxim
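
Added example (not from this thread or from the OpenMeetings or Kurento projects): one way to read a capture for the sniffer check discussed above is to classify each UDP payload by its first byte, using the RFC 7983 ranges, and confirm that a DTLS handshake precedes any RTP/RTCP on the same flow. The function names, flow labels and packet bytes are constructed for illustration; real payloads would come from a pcap.

```python
"""Added example: classify WebRTC UDP payloads by first byte (RFC 7983 ranges)."""
from collections import Counter


def classify(payload: bytes) -> str:
    """Name the protocol a UDP payload on a WebRTC port belongs to."""
    if not payload:
        return "empty"
    first = payload[0]
    if first <= 3:
        return "stun"
    if 16 <= first <= 19:
        return "zrtp"
    if 20 <= first <= 63:
        # DTLS record: content type 22 is a handshake message, and the
        # version field of every DTLS release starts with 0xFE.
        if first == 22 and len(payload) >= 3 and payload[1] == 0xFE:
            return "dtls-handshake"
        return "dtls"
    if 64 <= first <= 79:
        return "turn-channel"
    if 128 <= first <= 191:
        # RTP and RTCP share this range; RFC 5761 tells them apart by the
        # 7-bit type field in the second byte (64..95 means RTCP).
        if len(payload) >= 2 and 64 <= (payload[1] & 0x7F) <= 95:
            return "rtcp"
        return "rtp"
    return "unknown"


def assess_flows(packets):
    """packets: iterable of (flow_id, payload) in capture order.

    The RTP header stays in clear text in both RTP and SRTP, so header bytes
    alone cannot prove encryption. What a capture can show is whether a DTLS
    handshake ran on the flow before media started, which is how DTLS-SRTP
    keys are agreed.
    """
    state = {}
    for flow_id, payload in packets:
        st = state.setdefault(
            flow_id, {"counts": Counter(), "handshake": False, "early_media": 0}
        )
        kind = classify(payload)
        st["counts"][kind] += 1
        if kind == "dtls-handshake":
            st["handshake"] = True
        elif kind in ("rtp", "rtcp") and not st["handshake"]:
            st["early_media"] += 1

    report = {}
    for flow_id, st in state.items():
        media = st["counts"]["rtp"] + st["counts"]["rtcp"]
        if media == 0:
            verdict = "no-media"
        elif st["early_media"]:
            verdict = "media-without-dtls"
        else:
            verdict = "media-after-dtls"
        report[flow_id] = {"counts": st["counts"], "verdict": verdict}
    return report


# --- Constructed sample packets (not taken from a real capture) ---
STUN_BINDING = bytes.fromhex("000100002112a442") + bytes(12)
DTLS_HELLO = b"\x16\xfe\xfd" + bytes(8) + (4).to_bytes(2, "big") + bytes(4)
DTLS_APPDATA = b"\x17\xfe\xfd" + bytes(8) + (4).to_bytes(2, "big") + bytes(4)
RTP_AUDIO = (bytes([0x80, 111]) + (1).to_bytes(2, "big")
             + (960).to_bytes(4, "big") + bytes.fromhex("1234abcd") + bytes(20))
RTCP_SR = (bytes([0x80, 200]) + (6).to_bytes(2, "big")
           + bytes.fromhex("1234abcd") + bytes(20))

SAMPLE_CAPTURE = [
    ("browser-kms", STUN_BINDING),
    ("browser-kms", DTLS_HELLO),
    ("browser-kms", DTLS_HELLO),
    ("browser-kms", RTP_AUDIO),
    ("browser-kms", RTP_AUDIO),
    ("browser-kms", RTCP_SR),
    ("plain-rtp-peer", RTP_AUDIO),
    ("plain-rtp-peer", RTCP_SR),
    ("stun-only", STUN_BINDING),
]

if __name__ == "__main__":
    for flow, result in assess_flows(SAMPLE_CAPTURE).items():
        print(flow, dict(result["counts"]), result["verdict"])
```

A capture that starts mid-call misses the handshake and is reported as media-without-dtls, so start capturing before joining the room.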

Re: RTMPS security

Posted by Online Use <fo...@yahoo.com>.
 I used WebRTC Internals (about:webrtc in Firefox) to log WebRTC activity, but nothing got logged when I opened an audio & video session using OM. Why, if WebRTC is actually utilized?

On Sunday, 19 July 2020 at 3:00:25 AM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
 Will do top posting
It seems I wasn't clear enough while describing how everything works
Here is the diagram https://doc-kurento.readthedocs.io/en/stable/user/writing_applications.html#application-architecture (the beautiful one)
As you can see OM is only "control server"
All streams go directly to/via KMS
I'll try to set up secured KMS, but unfortunately have no ETA
I do remember I have difficulties with certificate ....
On Sun, 19 Jul 2020 at 01:23, Online Use <fo...@yahoo.com> wrote:

 
Encryption

Encryption is mandatory part of WebRTC and is enforced on all aspects of establishing and maintaining a connection. It makes it effectively impossible for someone to gain access to the contents of a communication stream because all media streams are securely encrypted through standardized and time-tested encryption protocols. Only those applications with the secret encryption key are able to decode the streams.

The best practice for this is to use perfect forward secrecy (PFS) ciphers in a DTLS (Datagram Transport Layer Security) handshake to securely exchange key data (this is the method Frozen Mountain uses).  For audio and video, key data can then be used to generate AES (Advanced Encryption Standard) keys which are in turn used by SRTP (Secure Real-time Transport Protocol) to encrypt and decrypt the media. This acronym-rich stack of technologies translates to extremely secure connections that are impossible to break with current technology. Both WebRTC and ORTC mandate this particular stack, which is backwards-compatible and interoperable with VoIP systems.
https://www.frozenmountain.com/developers/blog/what-you-need-to-know-about-webrtc-security

Does this apply to the OM system? Because you said you guess audio and video are not encrypted, but since WebRTC is used already in OM, wouldn't that mean encryption is effective already, or is there something missing?



On Saturday, 18 July 2020 at 8:14:03 PM GMT+2, Online Use <fo...@yahoo.com> wrote:
 
  I have been able to use TLS port and certificates with TURN in the applicationContext.xml file without a problem, but the TURN url doesn't include protocol (https or wss) only the TLS port number. I have actually commented out the non-secure port setting in coturn conf. file. It's working fine, but I'm not sure if the url should contain protocol directive https or wss or none? When I used the https directive I got an error message NS_ERROR_UNEXPECTED. Any comments?
My problem now is with the KMS url, I have specified the TLS port and certificates, but when I use the wss:// protocol I get the error of media server is not accessible. Could someone try to use this secure setting and confirm if it's working properly or not to make sure what is the issue at my end?


On Saturday, 18 July 2020 at 7:54:31 PM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
 

On Sun, 19 Jul 2020 at 00:26, Online Use <fo...@yahoo.com> wrote:

 Can you please share with me the architecture of the OM system, showing components and interfaces?

we don't have such diagram ATM 

I don't understand how https is secure while the KMS socket is not secure? And what is the role of TURN in securing the connection? What should TURN be used in case of https protocol?

Out-of-the-box OM provides HTTPS which ensures login and all UI actions are secured
KMS out-of-the-box is NOT secured, and it is OM-server-admin task to secure it
TURN is used to be able to negotiate connection with users without real IP
It tries to resolve user IP so direct connection can be established
OR
bypass all WebRTC traffic like SOCKS proxy if IT is NOT resolvable
(I believe you can easily Google above info with much more details)
So if you want fully secured system you have to ensure both KMS and TURN are secured as well 

I think security of the system is questionable. Did you try to use wss:// in KMS url to test it before release?

I see no need in such test
We are using KMS API to control connections (drop, create recording chains etc.)
We are not working with audio/video streams directly this is the task of media server


On Saturday, 18 July 2020 at 6:21:15 PM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
 
On Fri, 17 Jul 2020 at 15:29, Online Use <fo...@yahoo.com> wrote:

 I also used cert and key files for TLS in COTURN, I used https in turnurl in the applicationContext.xml file, but I got an NS_ERROR_UNEXPECTED.
Probably the application itself is not designed to use TLS for Kurento and COTURN?

Not sure which application are you talking about :(
OM doesn't use TURN, WebRTC in browser uses TURN ....




On Thursday, 16 July 2020 at 12:34:11 PM GMT+2, Online Use <fo...@yahoo.com> wrote:
 
  I found this note in Kurento documentation: https://doc-kurento.readthedocs.io/en/stable/features/security.html
Keep in mind that serving your application through HTTPS, forces you to use WebSockets Secure (WSS) if you are using websockets to control your application server.
So how the OM system is working while the applicationContext.xml used ws:// connection url?

I would check the traffic with some sniffer and then ask KMS devs
From my point of view right now everything works as expected
OM uses HTTPS and wss for internal websocket messages
AND it has KMS at ws URL ....

Is it secure enough to use https in the browser without using wss connection? Are all media streams including audio and video encrypted this way?

I guess audio/video is NOT encrypted
this is why I wrote you need to secure KMS ....


Moreover, I edited the kurento.conf.json file to include path to the certificate file, and edited the applicationContext.xml file to use wss:// with secure port, but the OM raised an error message saying the media server is inaccessible. What is the problem?

I can't say from this description
you have to check
1) KMS logs
2) KMS URL (I guess port will be different in case of wss)
3) OM logs
4) browser console logs and/or browser's WebRTC debugging tools




On Thursday, 16 July 2020 at 3:26:25 AM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
 

On Tue, 14 Jul 2020 at 13:31, Online Use <fo...@yahoo.com> wrote:

 I installed KMS using podman not docker, I can't find the configuration file path you mentioned, where could it be located?

Unfortunately I can't help here
I never use podman

So the steps are to edit the kurento.conf.json to enable secure connection, then to edit the applicationContext.xml file to use wss:// instead of ws:// in Kurento url, right?

most probably you will need to create certificate for KMS (never did it myself, so you will have to experiment here) 


In a previous reply you mentioned that:
In WebRTC tunneling is made by front-end proxy (the config is not trivial)
OR with TURN server if user is behind strict FW
So how to enable WebRTC tunneling with TURN server?


TURN server was designed to unhide user IP address (so tunneling is not necessary)
Or to proxy WebRTC
So it will work out-of-the-box

On Tuesday, 14 July 2020 at 4:21:54 AM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
 

On Mon, 13 Jul 2020 at 14:11, Online Use <fo...@yahoo.com> wrote:

 I tried using wss:// protocol in Kurento url in the ApplicationContext.xml file, but in this case the media server wasn't accessible. So how the wss protocol is supposed to be used?

You have to configure KMS to be secured BEFORE you make changes to applicationContext.xml
please check /etc/kurento/kurento.conf.json
And official KMS documentation

Also how to configure tunneling with the TURN server?
Thank you.

On Monday, 13 July 2020 at 6:55:48 AM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
 

On Sun, 12 Jul 2020 at 23:46, Online Use <fo...@yahoo.com> wrote:

 Excuse me, but what is wss?

You can easily google this
WSS is secured version of WS
both WS and WSS are protocol prefix for WebSockets

Will SSL and wss provide tunneling of audio and video streaming like RTMPS?

RTMPS doesn't provide tunneling, you need RTMPTS for tunneling
And NO
In WebRTC tunneling is made by front-end proxy (the config is not trivial)
OR with TURN server if user is behind strict FW

Don't you have any plans for including red5 and RTMPS in future releases? What is the alternative technology?

NO
RTMP is part of Adobe Flash which is discontinued
This is why we have moved from RTMP to WebRTC

Thanks.

On Sunday, 12 July 2020 at 3:36:57 PM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
RTMP/RTMPT/RTMPS is for 4.0.x only
for 5.0.x+ you need to secure KMS i.e. set up certificate and use wss :))
On Sun, 12 Jul 2020 at 13:48, Online Use <fo...@yahoo.com> wrote:

Hello,
Is RTMPS enabled by default once SSL is implemented?
I know red5 is not supported for M4 release, but how to enable RTMPS for audio/video encryption?
I understand red5 is only needed for IP telephone not for PC voip, is that correct?



-- 
Best regards,
Maxim  
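
The TURN url question quoted in this thread comes down to URI syntax: the ICE server URLs a browser's RTCPeerConnection accepts use the `stun:`, `stuns:`, `turn:` and `turns:` schemes of RFC 7064 and RFC 7065, with `turns:` being the TLS form. The parser below is an added example, not OpenMeetings or coturn code; the host names are constructed, and how OpenMeetings turns its applicationContext.xml value into the URL the browser receives is not covered here.

```javascript
// Added example: parse STUN/TURN URIs (RFC 7064 / RFC 7065) in the form a
// browser expects in iceServers[].urls. All host names below are constructed.

const SCHEMES = new Map([
  ['stun',  { port: 3478, tls: false, relay: false }],
  ['stuns', { port: 5349, tls: true,  relay: false }],
  ['turn',  { port: 3478, tls: false, relay: true  }],
  ['turns', { port: 5349, tls: true,  relay: true  }],
]);

function fail(url, reason) {
  return { ok: false, url, reason };
}

function parseIceUrl(url) {
  const text = String(url).trim();
  const colon = text.indexOf(':');
  const scheme = colon > 0 ? text.slice(0, colon).toLowerCase() : '';
  const info = SCHEMES.get(scheme);
  // "https:", "wss:" and a bare "host:port" all end up here.
  if (!info) return fail(text, 'scheme must be stun:, stuns:, turn: or turns:');

  let rest = text.slice(colon + 1);
  if (rest.startsWith('//')) return fail(text, 'no "//" after the scheme in these URIs');

  // Optional "?transport=udp|tcp" is defined for turn:/turns: only.
  // Without it, turn: defaults to UDP and turns: to TLS over TCP.
  let transport = info.relay ? (info.tls ? 'tcp' : 'udp') : null;
  const q = rest.indexOf('?');
  if (q !== -1) {
    const query = rest.slice(q + 1);
    rest = rest.slice(0, q);
    const m = /^transport=(udp|tcp)$/i.exec(query);
    if (!info.relay || !m) return fail(text, 'only ?transport=udp|tcp on turn:/turns: is allowed');
    transport = m[1].toLowerCase();
  }

  // Host is a name, an IPv4 literal or a bracketed IPv6 literal; port is optional.
  const hp = /^(\[[0-9a-f:.]+\]|[^\s:\/\[\]@]+)(?::(\d{1,5}))?$/i.exec(rest);
  if (!hp) return fail(text, 'expected host or host:port');
  const port = hp[2] === undefined ? info.port : Number(hp[2]);
  if (port < 1 || port > 65535) return fail(text, 'port out of range');

  return { ok: true, url: text, scheme, host: hp[1], port, transport, tls: info.tls, relay: info.relay };
}

// Summarise a configured list: which entries are unusable, and whether every
// relay (TURN) entry is reached over TLS.
function auditIceUrls(urls) {
  const parsed = urls.map(parseIceUrl);
  const relays = parsed.filter((p) => p.ok && p.relay);
  return {
    parsed,
    invalid: parsed.filter((p) => !p.ok).map((p) => p.url),
    allRelaysTls: relays.length > 0 && relays.every((p) => p.tls),
  };
}

// Constructed sample values.
const SAMPLE_URLS = [
  'turns:turn.example.org:5349?transport=tcp',
  'turn:[2001:db8::1]:3478',
  'https://turn.example.org:5349',
  'turn.example.org:5349',
];

const report = auditIceUrls(SAMPLE_URLS);
console.log(report.invalid, 'all relays over TLS:', report.allRelaysTls);
```
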



Re: RTMPS security

Posted by Maxim Solodovnik <so...@gmail.com>.
Will do top posting

It seems I wasn't clear enough while describing how everything works
Here is the diagram
https://doc-kurento.readthedocs.io/en/stable/user/writing_applications.html#application-architecture
(the beautiful one)
As you can see OM is only "control server"
All streams go directly to/via KMS

I'll try to set up secured KMS, but unfortunately have no ETA
I do remember I have difficulties with certificate ....

On Sun, 19 Jul 2020 at 01:23, Online Use <fo...@yahoo.com>
wrote:

> *Encryption*
>
> *Encryption is mandatory part of WebRTC and is enforced on all
> aspects of establishing and maintaining a connection. It makes it
> effectively impossible for someone to gain access to the contents of a
> communication stream because all media streams are securely encrypted
> through standardized and time-tested encryption protocols. Only those
> applications with the secret encryption key are able to decode the streams.
> The best practice for this is to use perfect forward secrecy (PFS) ciphers
> in a DTLS (Datagram Transport Layer Security) handshake to securely
> exchange key data (this is the method Frozen Mountain uses).  For audio and
> video, key data can then be used to generate AES (Advanced Encryption
> Standard) keys which are in turn used by SRTP (Secure Real-time Transport
> Protocol) to encrypt and decrypt the media. This acronym-rich stack of
> technologies translates to extremely secure connections that are impossible
> to break with current technology. Both WebRTC and ORTC mandate this
> particular stack, which is backwards-compatible and interoperable with VoIP
> systems.*
>
> https://www.frozenmountain.com/developers/blog/what-you-need-to-know-about-webrtc-security
>
>
> Does this apply to the OM system? Because you said you guess audio and
> video are not encrypted, but since WebRTC is used already in OM, wouldn't
> that mean encryption is effective already, or is there something missing?
>
>
>
>
> On Saturday, 18 July 2020 at 8:14:03 PM GMT+2, Online Use <
> foronlineuseemail@yahoo.com> wrote:
>
>
> I have been able to use TLS port and certificates with TURN in the
> applicationContext.xml file without a problem, but the TURN url doesn't
> include protocol (https or wss) only the TLS port number. I have actually
> commented out the non-secure port setting in coturn conf. file. It's
> working fine, but I'm not sure if the url should contain protocol directive
> https or wss or none? When I used the https directive I got an error
> message NS_ERROR_UNEXPECTED. Any comments?
>
> My problem now is with the KMS url, I have specified the TLS port and
> certificates, but when I use the wss:// protocol I get the error of media
> server is not accessible. Could someone try to use this secure setting and
> confirm if it's working properly or not to make sure what is the issue at
> my end?
>
>
>
> On Saturday, 18 July 2020 at 7:54:31 PM GMT+2, Maxim Solodovnik <
> solomax666@gmail.com> wrote:
>
>
>
>
> On Sun, 19 Jul 2020 at 00:26, Online Use <fo...@yahoo.com>
> wrote:
>
> Can you please share with me the architecture of the OM system, showing
> components and interfaces?
>
>
> we don't have such diagram ATM
>
>
>
> I don't understand how https is secure while the KMS socket is not secure?
> And what is the role of TURN in securing the connection? What should TURN
> be used in case of https protocol?
>
>
> Out-of-the-box OM provides HTTPS which ensures login and all UI actions
> are secured
> KMS out-of-the-box is NOT secured, and it is OM-server-admin task to
> secure it
>
> TURN is used to be able to negotiate connection with users without real IP
> It tries to resolve user IP so direct connection can be established
> OR
> bypass all WebRTC traffic like SOCKS proxy if IT is NOT resolvable
> (I believe you can easily Google above info with much more details)
>
> So if you want fully secured system you have to ensure both KMS and TURN
> are secured as well
>
>
>
> I think security of the system is questionable. Did you try to use wss://
> in KMS url to test it before release?
>
>
> I see no need in such test
> We are using KMS API to control connections (drop, create recording chains
> etc.)
> We are not working with audio/video streams directly this is the task of
> media server
>
>
>
>
> On Saturday, 18 July 2020 at 6:21:15 PM GMT+2, Maxim Solodovnik <
> solomax666@gmail.com> wrote:
>
>
>
> On Fri, 17 Jul 2020 at 15:29, Online Use <fo...@yahoo.com>
> wrote:
>
> I also used cert and key files for TLS in COTURN, I used https in turnurl
> in the applicationContext.xml file, but I got an NS_ERROR_UNEXPECTED.
>
> Probably the application itself is not designed to use TLS for Kurento and
> COTURN?
>
>
> Not sure which application are you talking about :(
> OM doesn't use TURN, WebRTC in browser uses TURN ....
>
>
>
>
> On Thursday, 16 July 2020 at 12:34:11 PM GMT+2, Online Use <
> foronlineuseemail@yahoo.com> wrote:
>
>
> I found this note in Kurento documentation:
> https://doc-kurento.readthedocs.io/en/stable/features/security.html
>
> *Keep in mind that serving your application through HTTPS, forces you to
> use WebSockets Secure (WSS) if you are using websockets to control your
> application server.*
>
> So how the OM system is working while the applicationContext.xml used
> ws:// connection url?
>
>
> I would check the traffic with some sniffer and then ask KMS devs
> From my point of view right now everything works as expected
> OM uses HTTPS and wss for internal websocket messages
> AND it has KMS at ws URL ....
>
>
>
> Is it secure enough to use https in the browser without using wss
> connection? Are all media streams including audio and video encrypted this
> way?
>
>
> I guess audio/video is NOT encrypted
> this is why I wrote you need to secure KMS ....
>
>
>
>
> Moreover, I edited the kurento.conf.json file to include path to the
> certificate file, and edited the applicationContext.xml file to use
> wss:// with secure port, but the OM raised an error message saying the
> media server is inaccessible. What is the problem?
>
>
> I can't say from this description
> you have to check
> 1) KMS logs
> 2) KMS URL (I guess port will be different in case of wss)
> 3) OM logs
> 4) browser console logs and/or browser's WebRTC debugging tools
>
>
>
>
>
>
> On Thursday, 16 July 2020 at 3:26:25 AM GMT+2, Maxim Solodovnik <
> solomax666@gmail.com> wrote:
>
>
>
>
> On Tue, 14 Jul 2020 at 13:31, Online Use <fo...@yahoo.com>
> wrote:
>
> I installed KMS using podman not docker, I can't find the configuration
> file path you mentioned, where could it be located?
>
>
> Unfortunately I can't help here
> I never use podman
>
>
>
> So the steps are to edit the kurento.conf.json to enable secure
> connection, then to edit the applicationContext.xml file to use wss://
> instead of ws:// in Kurento url, right?
>
>
> most probably you will need to create certificate for KMS (never did it
> myself, so you will have to experiment here)
>
>
>
>
> In a previous reply you mentioned that:
> In WebRTC tunneling is made by front-end proxy (the config is not trivial)
> OR with TURN server if user is behind strict FW
>
> So how to enable WebRTC tunneling with TURN server?
>
>
> TURN server was designed to unhide user IP address (so tunneling is not
> necessary)
> Or to proxy WebRTC
> So it will work out-of-the-box
>
>
>
> On Tuesday, 14 July 2020 at 4:21:54 AM GMT+2, Maxim Solodovnik <
> solomax666@gmail.com> wrote:
>
>
>
>
> On Mon, 13 Jul 2020 at 14:11, Online Use <fo...@yahoo.com>
> wrote:
>
> I tried using wss:// protocol in Kurento url in the ApplicationContext.xml
> file, but in this case the media server wasn't accessible. So how the wss
> protocol is supposed to be used?
>
>
> You have to configure KMS to be secured BEFORE you make changes
> to applicationContext.xml
>
> please check /etc/kurento/kurento.conf.json
> And official KMS documentation
>
>
>
> Also how to configure tunneling with the TURN server?
>
> Thank you.
>
>
> On Monday, 13 July 2020 at 6:55:48 AM GMT+2, Maxim Solodovnik <
> solomax666@gmail.com> wrote:
>
>
>
>
> On Sun, 12 Jul 2020 at 23:46, Online Use <fo...@yahoo.com>
> wrote:
>
> Excuse me, but what is wss?
>
>
> You can easily google this
> WSS is secured version of WS
> both WS and WSS are protocol prefix for WebSockets
>
>
>
> Will SSL and wss provide tunneling of audio and video streaming like RTMPS?
>
>
> RTMPS doesn't provide tunneling, you need RTMPTS for tunneling
> And NO
> In WebRTC tunneling is made by front-end proxy (the config is not trivial)
> OR with TURN server if user is behind strict FW
>
>
>
> Don't you have any plans for including red5 and RTMPS in future releases?
> What is the alternative technology?
>
>
> NO
> RTMP is part of Adobe Flash which is discontinued
>  This is why we have moved from RTMP to WebRTC
>
>
> Thanks.
>
>
> On Sunday, 12 July 2020 at 3:36:57 PM GMT+2, Maxim Solodovnik <
> solomax666@gmail.com> wrote:
>
>
> RTMP/RTMPT/RTMPS is for 4.0.x only
> for 5.0.x+ you need to secure KMS i.e. set up certificate and use wss :))
>
> On Sun, 12 Jul 2020 at 13:48, Online Use <fo...@yahoo.com>
> wrote:
>
> Hello,
>
> Is RTMPS enabled by default once SSL is implemented?
>
> I know red5 is not supported for M4 release, but how to enable RTMPS for
> audio/video encryption?
>
> I understand red5 is only needed for IP telephone not for PC voip, is that
> correct?
>
>
>
> --
> Best regards,
>
> Maxim
>
>
>


-- 
Best regards,
Maxim

Re: RTMPS security

Posted by Online Use <fo...@yahoo.com>.
 
Encryption

Encryption is mandatory part of WebRTC and is enforced on all aspects of establishing and maintaining a connection. It makes it effectively impossible for someone to gain access to the contents of a communication stream because all media streams are securely encrypted through standardized and time-tested encryption protocols. Only those applications with the secret encryption key are able to decode the streams.

The best practice for this is to use perfect forward secrecy (PFS) ciphers in a DTLS (Datagram Transport Layer Security) handshake to securely exchange key data (this is the method Frozen Mountain uses).  For audio and video, key data can then be used to generate AES (Advanced Encryption Standard) keys which are in turn used by SRTP (Secure Real-time Transport Protocol) to encrypt and decrypt the media. This acronym-rich stack of technologies translates to extremely secure connections that are impossible to break with current technology. Both WebRTC and ORTC mandate this particular stack, which is backwards-compatible and interoperable with VoIP systems.
https://www.frozenmountain.com/developers/blog/what-you-need-to-know-about-webrtc-security

Does this apply to the OM system? Because you said you guess audio and video are not encrypted, but since WebRTC is used already in OM, wouldn't that mean encryption is effective already, or is there something missing?



On Saturday, 18 July 2020 at 8:14:03 PM GMT+2, Online Use <fo...@yahoo.com> wrote:
 
  I have been able to use TLS port and certificates with TURN in the applicationContext.xml file without a problem, but the TURN url doesn't include protocol (https or wss) only the TLS port number. I have actually commented out the non-secure port setting in coturn conf. file. It's working fine, but I'm not sure if the url should contain protocol directive https or wss or none? When I used the https directive I got an error message NS_ERROR_UNEXPECTED. Any comments?
My problem now is with the KMS url, I have specified the TLS port and certificates, but when I use the wss:// protocol I get the error of media server is not accessible. Could someone try to use this secure setting and confirm if it's working properly or not to make sure what is the issue at my end?


On Saturday, 18 July 2020 at 7:54:31 PM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
 

On Sun, 19 Jul 2020 at 00:26, Online Use <fo...@yahoo.com> wrote:

 Can you please share with me the architecture of the OM system, showing components and interfaces?

we don't have such diagram ATM 

I don't understand how https is secure while the KMS socket is not secure? And what is the role of TURN in securing the connection? What should TURN be used in case of https protocol?

Out-of-the-box OM provides HTTPS which ensures login and all UI actions are secured
KMS out-of-the-box is NOT secured, and it is OM-server-admin task to secure it
TURN is used to be able to negotiate connection with users without real IP
It tries to resolve user IP so direct connection can be established
OR
bypass all WebRTC traffic like SOCKS proxy if IT is NOT resolvable
(I believe you can easily Google above info with much more details)
So if you want fully secured system you have to ensure both KMS and TURN are secured as well 

I think security of the system is questionable. Did you try to use wss:// in KMS url to test it before release?

I see no need in such test
We are using KMS API to control connections (drop, create recording chains etc.)
We are not working with audio/video streams directly this is the task of media server


On Saturday, 18 July 2020 at 6:21:15 PM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
 
On Fri, 17 Jul 2020 at 15:29, Online Use <fo...@yahoo.com> wrote:

 I also used cert and key files for TLS in COTURN, I used https in turnurl in the applicationContext.xml file, but I got an NS_ERROR_UNEXPECTED.
Probably the application itself is not designed to use TLS for Kurento and COTURN?

Not sure which application are you talking about :(
OM doesn't use TURN, WebRTC in browser uses TURN ....




On Thursday, 16 July 2020 at 12:34:11 PM GMT+2, Online Use <fo...@yahoo.com> wrote:
 
  I found this note in Kurento documentation: https://doc-kurento.readthedocs.io/en/stable/features/security.html
Keep in mind that serving your application through HTTPS, forces you to use WebSockets Secure (WSS) if you are using websockets to control your application server.
So how the OM system is working while the applicationContext.xml used ws:// connection url?

I would check the traffic with some sniffer and then ask KMS devs
From my point of view right now everything works as expected
OM uses HTTPS and wss for internal websocket messages
AND it has KMS at ws URL ....

Is it secure enough to use https in the browser without using wss connection? Are all media streams including audio and video encrypted this way?

I guess audio/video is NOT encrypted
this is why I wrote you need to secure KMS ....


Moreover, I edited the kurento.conf.json file to include path to the certificate file, and edited the applicationContext.xml file to use wss:// with secure port, but the OM raised an error message saying the media server is inaccessible. What is the problem?

I can't say from this description
you have to check
1) KMS logs
2) KMS URL (I guess port will be different in case of wss)
3) OM logs
4) browser console logs and/or browser's WebRTC debugging tools




On Thursday, 16 July 2020 at 3:26:25 AM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
 

On Tue, 14 Jul 2020 at 13:31, Online Use <fo...@yahoo.com> wrote:

 I installed KMS using podman not docker, I can't find the configuration file path you mentioned, where could it be located?

Unfortunately I can't help here
I never use podman

So the steps are to edit the kurento.conf.json to enable secure connection, then to edit the applicationContext.xml file to use wss:// instead of ws:// in Kurento url, right?

most probably you will need to create certificate for KMS (never did it myself, so you will have to experiment here) 


In a previous reply you mentioned that:
In WebRTC tunneling is made by front-end proxy (the config is not trivial)
OR with TURN server if user is behind strict FW
So how to enable WebRTC tunneling with TURN server?


TURN server was designed to unhide user IP address (so tunneling is not necessary)
Or to proxy WebRTC
So it will work out-of-the-box

On Tuesday, 14 July 2020 at 4:21:54 AM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
 

On Mon, 13 Jul 2020 at 14:11, Online Use <fo...@yahoo.com> wrote:

 I tried using wss:// protocol in Kurento url in the ApplicationContext.xml file, but in this case the media server wasn't accessible. So how the wss protocol is supposed to be used?

You have to configure KMS to be secured BEFORE you make changes to applicationContext.xml
please check /etc/kurento/kurento.conf.json
And official KMS documentation

Also how to configure tunneling with the TURN server?
Thank you.

On Monday, 13 July 2020 at 6:55:48 AM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
 

On Sun, 12 Jul 2020 at 23:46, Online Use <fo...@yahoo.com> wrote:

 Excuse me, but what is wss?

You can easily google this
WSS is secured version of WS
both WS and WSS are protocol prefix for WebSockets

Will SSL and wss provide tunneling of audio and video streaming like RTMPS?

RTMPS doesn't provide tunneling, you need RTMPTS for tunneling
And NO
In WebRTC tunneling is made by front-end proxy (the config is not trivial)
OR with TURN server if user is behind strict FW

Don't you have any plans for including red5 and RTMPS in future releases? What is the alternative technology?

NO
RTMP is part of Adobe Flash which is discontinued
This is why we have moved from RTMP to WebRTC

Thanks.

On Sunday, 12 July 2020 at 3:36:57 PM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
RTMP/RTMPT/RTMPS is for 4.0.x only
for 5.0.x+ you need to secure KMS i.e. set up certificate and use wss :))
On Sun, 12 Jul 2020 at 13:48, Online Use <fo...@yahoo.com> wrote:

Hello,
Is RTMPS enabled by default once SSL is implemented?
I know red5 is not supported for M4 release, but how to enable RTMPS for audio/video encryption?
I understand red5 is only needed for IP telephone not for PC voip, is that correct?



-- 
Best regards,
Maxim  
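
Whether a given WebRTC session negotiated the DTLS-SRTP stack described in the passage quoted in this message can be read from the session description (SDP) shown by the browser's WebRTC debugging page. The following is an added example, not code from OpenMeetings or Kurento; both SDP samples, the placeholder fingerprint and key, and the function names are constructed for illustration.

```javascript
// Added example: classify each media section of an SDP by how its media is keyed.
// Both samples are constructed, not captured from a real OM/KMS session.

const FAKE_FP = Array(32).fill('AB').join(':'); // placeholder SHA-256 fingerprint

const WEBRTC_SDP = [
  'v=0', 'o=- 1 2 IN IP4 127.0.0.1', 's=-', 't=0 0',
  'a=group:BUNDLE 0 1',
  'a=fingerprint:sha-256 ' + FAKE_FP, // session level: applies to every m-section
  'a=setup:actpass',
  'm=audio 9 UDP/TLS/RTP/SAVPF 111',
  'c=IN IP4 0.0.0.0',
  'a=mid:0',
  'a=rtpmap:111 opus/48000/2',
  'm=application 9 UDP/DTLS/SCTP webrtc-datachannel',
  'c=IN IP4 0.0.0.0',
  'a=mid:1',
  'a=sctp-port:5000',
].join('\r\n');

const LEGACY_SDP = [
  'v=0', 'o=- 1 1 IN IP4 192.0.2.10', 's=-', 'c=IN IP4 192.0.2.10', 't=0 0',
  'm=audio 5004 RTP/AVP 0',            // classic VoIP offer, no keying at all
  'a=rtpmap:0 PCMU/8000',
  'm=video 5006 RTP/SAVP 96',          // SRTP keyed through the SDP itself (SDES)
  'a=rtpmap:96 VP8/90000',
  'a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED-PLACEHOLDER-KEY',
  'm=video 0 RTP/AVP 97',              // port 0: section rejected
].join('\r\n');

// Split an SDP into session-level lines and one entry per "m=" section.
function splitSdp(sdp) {
  const session = [];
  const media = [];
  let current = null;
  for (const raw of sdp.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line) continue;
    if (line.startsWith('m=')) {
      current = { mline: line, attrs: [] };
      media.push(current);
    } else if (current) {
      current.attrs.push(line);
    } else {
      session.push(line);
    }
  }
  return { session, media };
}

// Value of the first "a=<name>:" attribute in a list of lines, or null.
function attr(lines, name) {
  const prefix = 'a=' + name + ':';
  const hit = lines.find((l) => l.startsWith(prefix));
  return hit ? hit.slice(prefix.length).trim() : null;
}

function classifySection(section, session) {
  // m=<kind> <port> <proto> <formats...>
  const [kind, port, proto = ''] = section.mline.slice(2).split(/\s+/);
  const tokens = proto.toUpperCase().split('/');
  // Media-level attributes override session-level ones.
  const fingerprint = attr(section.attrs, 'fingerprint') || attr(session, 'fingerprint');
  const setup = attr(section.attrs, 'setup') || attr(session, 'setup');
  const hash = fingerprint ? fingerprint.split(/\s+/)[0].toLowerCase() : null;
  const secureRtp = tokens.includes('SAVP') || tokens.includes('SAVPF');
  const plainRtp = tokens.includes('AVP') || tokens.includes('AVPF');
  const sdes = section.attrs.some((l) => l.startsWith('a=crypto:'));
  const bundleOnly = section.attrs.includes('a=bundle-only');

  let verdict;
  if (port === '0' && !bundleOnly) verdict = 'rejected';
  else if (tokens.includes('SCTP')) verdict = fingerprint ? 'dtls-sctp' : 'no-dtls-fingerprint';
  else if (secureRtp && fingerprint) verdict = 'dtls-srtp';   // keys come from the DTLS handshake
  else if (secureRtp && sdes) verdict = 'sdes-srtp';          // keys travel in the signalling channel
  else if (plainRtp) verdict = 'plaintext-rtp';
  else verdict = 'unknown';
  return { kind, proto, verdict, hash, setup };
}

function auditSdp(sdp) {
  const { session, media } = splitSdp(sdp);
  return media.map((s) => classifySection(s, session));
}

// True only if every non-rejected section is keyed through DTLS.
function allMediaDtlsProtected(sdp) {
  const active = auditSdp(sdp).filter((r) => r.verdict !== 'rejected');
  return active.length > 0 &&
    active.every((r) => r.verdict === 'dtls-srtp' || r.verdict === 'dtls-sctp');
}

console.log(auditSdp(WEBRTC_SDP), auditSdp(LEGACY_SDP));
```

The verdict reflects what the two endpoints negotiated, here the browser and the media server it talks to; confirming it on the wire still takes a packet capture.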



Re: RTMPS security

Posted by Online Use <fo...@yahoo.com>.
 I have been able to use TLS port and certificates with TURN in the applicationContext.xml file without a problem, but the TURN url doesn't include protocol (https or wss) only the TLS port number. I have actually commented out the non-secure port setting in coturn conf. file. It's working fine, but I'm not sure if the url should contain protocol directive https or wss or none? When I used the https directive I got an error message NS_ERROR_UNEXPECTED. Any comments?
My problem now is with the KMS url, I have specified the TLS port and certificates, but when I use the wss:// protocol I get the error of media server is not accessible. Could someone try to use this secure setting and confirm if it's working properly or not to make sure what is the issue at my end?


On Saturday, 18 July 2020 at 7:54:31 PM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
 

On Sun, 19 Jul 2020 at 00:26, Online Use <fo...@yahoo.com> wrote:

 Can you please share with me the architecture of the OM system, showing components and interfaces?

we don't have such diagram ATM 

I don't understand how https is secure while the KMS socket is not secure? And what is the role of TURN in securing the connection? What should TURN be used in case of https protocol?

Out-of-the-box OM provides HTTPS which ensures login and all UI actions are secured
KMS out-of-the-box is NOT secured, and it is OM-server-admin task to secure it
TURN is used to be able to negotiate connection with users without real IP
It tries to resolve user IP so direct connection can be established
OR
bypass all WebRTC traffic like SOCKS proxy if IT is NOT resolvable
(I believe you can easily Google above info with much more details)
So if you want fully secured system you have to ensure both KMS and TURN are secured as well 

I think security of the system is questionable. Did you try to use wss:// in KMS url to test it before release?

I see no need in such test
We are using KMS API to control connections (drop, create recording chains etc.)
We are not working with audio/video streams directly this is the task of media server


On Saturday, 18 July 2020 at 6:21:15 PM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
 
On Fri, 17 Jul 2020 at 15:29, Online Use <fo...@yahoo.com> wrote:

 I also used cert and key files for TLS in COTURN, I used https in turnurl in the applicationContext.xml file, but I got an NS_ERROR_UNEXPECTED.
Probably the application itself is not designed to use TLS for Kurento and COTURN?

Not sure which application are you talking about :(
OM doesn't use TURN, WebRTC in browser uses TURN ....




On Thursday, 16 July 2020 at 12:34:11 PM GMT+2, Online Use <fo...@yahoo.com> wrote:
 
  I found this note in Kurento documentation: https://doc-kurento.readthedocs.io/en/stable/features/security.html
Keep in mind that serving your application through HTTPS, forces you to use WebSockets Secure (WSS) if you are using websockets to control your application server.
So how the OM system is working while the applicationContext.xml used ws:// connection url?

I would check the traffic with some sniffer and then ask KMS devs
From my point of view right now everything works as expected
OM uses HTTPS and wss for internal websocket messages
AND it has KMS at ws URL ....

Is it secure enough to use https in the browser without using wss connection? Are all media streams including audio and video encrypted this way?

I guess audio/video is NOT encrypted
this is why I wrote you need to secure KMS ....


Moreover, I edited the kurento.conf.json file to include path to the certificate file, and edited the applicationContext.xml file to use wss:// with secure port, but the OM raised an error message saying the media server is inaccessible. What is the problem?

I can't say from this description
you have to check
1) KMS logs
2) KMS URL (I guess port will be different in case of wss)
3) OM logs
4) browser console logs and/or browser's WebRTC debugging tools




On Thursday, 16 July 2020 at 3:26:25 AM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
 

On Tue, 14 Jul 2020 at 13:31, Online Use <fo...@yahoo.com> wrote:

 I installed KMS using podman not docker, I can't find the configuration file path you mentioned, where could it be located?

Unfortunately I can't help here
I never use podman

So the steps are to edit the kurento.conf.json to enable secure connection, then to edit the applicationContext.xml file to use wss:// instead of ws:// in Kurento url, right?

most probably you will need to create certificate for KMS (never did it myself, so you will have to experiment here) 


In a previous reply you mentioned that:In WebRTC tunneling is made by front-end proxy (the config is not trivial)OR with TURN server if user is behind strict FW
So how to enable WebRTC tunneling with TURN server?


TURN server was designed fo unhide user IP address (so tunneling is not necessary)Or to proxy WebRTCSo it will work out-of-the-box 

On Tuesday, 14 July 2020 at 4:21:54 AM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:

On Mon, 13 Jul 2020 at 14:11, Online Use <fo...@yahoo.com> wrote:

I tried using wss:// protocol in Kurento url in the ApplicationContext.xml file, but in this case the media server wasn't accessible. So how the wss protocol is supposed to be used?

You have to configure KMS to be secured BEFORE you make changes to applicationContext.xml
please check /etc/kurento/kurento.conf.json
And official KMS documentation

Also how to configure tunneling with the TURN server?
Thank you.

On Monday, 13 July 2020 at 6:55:48 AM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:

On Sun, 12 Jul 2020 at 23:46, Online Use <fo...@yahoo.com> wrote:

Excuse me, but what is wss?

You can easily google this
WSS is secured version of WS
both WS and WSS are protocol prefix for WebSockets

Will SSL and wss provide tunneling of audio and video streaming like RTMPS?

RTMPS doesn't provide tunneling, you need RTMPTS for tunneling
And NO
In WebRTC tunneling is made by front-end proxy (the config is not trivial)
OR with TURN server if user is behind strict FW

Don't you have any plans for including red5 and RTMPS in future releases? What is the alternative technology?

NO
RTMP is part of Adobe Flash which is discontinued
This is why we have moved from RTMP to WebRTC

Thanks.

On Sunday, 12 July 2020 at 3:36:57 PM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:

RTMP/RTMPT/RTMPS is for 4.0.x only
for 5.0.x+ you need to secure KMS i.e. set up certificate and use wss :))
On Sun, 12 Jul 2020 at 13:48, Online Use <fo...@yahoo.com> wrote:

Hello,
Is RTMPS enabled by default once SSL is implemented?
I know red5 is not supported for M4 release, but how to enable RTMPS for audio/video encryption?
I understand red5 is only needed for IP telephone not for PC voip, is that correct?



-- 
Best regards,
Maxim  



Re: RTMPS security

Posted by Maxim Solodovnik <so...@gmail.com>.
On Sun, 19 Jul 2020 at 00:26, Online Use <fo...@yahoo.com>
wrote:

> Can you please share with me the architecture of the OM system, showing
> components and interfaces?
>

we don't have such diagram ATM


>
> I don't understand how https is secure while the KMS socket is not secure?
> And what is the role of TURN in securing the connection? What should TURN
> be used in case of https protocol?
>

Out-of-the-box OM provides HTTPS which ensures login and all UI actions are
secured
KMS out-of-the-box is NOT secured, and it is OM-server-admin task to secure
it

TURN is used to be able to negotiate connection with users without real IP
It tries to resolve user IP so direct connection can be established
OR
bypass all WebRTC traffic like SOCKS proxy if IT is NOT resolvable
(I believe you can easily Google above info with much more details)

So if you want fully secured system you have to ensure both KMS and TURN
are secured as well


>
> I think security of the system is questionable. Did you try to use wss://
> in KMS url to test it before release?
>

I see no need in such test
We are using KMS API to control connections (drop, create recording chains
etc.)
We are not working with audio/video streams directly this is the task of
media server


>
>
> On Saturday, 18 July 2020 at 6:21:15 PM GMT+2, Maxim Solodovnik <
> solomax666@gmail.com> wrote:
>
>
>
> On Fri, 17 Jul 2020 at 15:29, Online Use <fo...@yahoo.com>
> wrote:
>
> I also used cert and key files for TLS in COTURN, I used https in turnurl
> in the applicationContext.xml file, but I got an NS_ERROR_UNEXPECTED.
>
> Probably the application itself is not designed to use TLS for Kurento and
> COTURN?
>
>
> Not sure which application are you talking about :(
> OM doesn't use TURN, WebRTC in browser uses TURN ....
>
>
>
>
> On Thursday, 16 July 2020 at 12:34:11 PM GMT+2, Online Use <
> foronlineuseemail@yahoo.com> wrote:
>
>
> I found this note in Kurento documentation:
> https://doc-kurento.readthedocs.io/en/stable/features/security.html
>
> *Keep in mind that serving your application through HTTPS, forces you to
> use WebSockets Secure (WSS) if you are using websockets to control your
> application server.*
>
> So how the OM system is working while the applicationContext.xml used
> ws:// connection url?
>
>
> I would check the traffic with some sniffer and then ask KMS devs
> From my point of view right now everything works as expected
> OM uses HTTPS and wss for internal websocket messages
> AND it has KMS at ws URL ....
>
>
>
> Is it secure enough to use https in the browser without using wss
> connection? Are all media streams including audio and video encrypted this
> way?
>
>
> I guess audio/video is NOT encrypted
> this is why I wrote you need to secure KMS ....
>
>
>
>
> Moreover, I edited the kurento.conf.json file to include path to the
> certificate file, and edited the applicationContext.xml file to use
> wss:// with secure port, but the OM raised an error message saying the
> media server is inaccessible. What is the problem?
>
>
> I can't say from this description
> you have to check
> 1) KMS logs
> 2) KMS URL (I guess port will be different in case of wss)
> 3) OM logs
> 4) browser console logs and/or browser's WebRTC debugging tools
>
>
>
>
>
>
> On Thursday, 16 July 2020 at 3:26:25 AM GMT+2, Maxim Solodovnik <
> solomax666@gmail.com> wrote:
>
>
>
>
> On Tue, 14 Jul 2020 at 13:31, Online Use <fo...@yahoo.com>
> wrote:
>
> I installed KMS using podman not docker, I can't find the configuration
> file path you mentioned, where could it be located?
>
>
> Unfortunately I can't help here
> I never use podman
>
>
>
> So the steps are to edit the kurento.conf.json to enable secure
> connection, then to edit the applicationContext.xml file to use wss://
> instead of ws:// in Kurento url, right?
>
>
> most probably you will need to create certificate for KMS (never did it
> myself, so you will have to experiment here)
>
>
>
>
> In a previous reply you mentioned that:
> In WebRTC tunneling is made by front-end proxy (the config is not trivial)
> OR with TURN server if user is behind strict FW
>
> So how to enable WebRTC tunneling with TURN server?
>
>
> TURN server was designed to unhide user IP address (so tunneling is not
> necessary)
> Or to proxy WebRTC
> So it will work out-of-the-box
>
>
>
> On Tuesday, 14 July 2020 at 4:21:54 AM GMT+2, Maxim Solodovnik <
> solomax666@gmail.com> wrote:
>
>
>
>
> On Mon, 13 Jul 2020 at 14:11, Online Use <fo...@yahoo.com>
> wrote:
>
> I tried using wss:// protocol in Kurento url in the ApplicationContext.xml
> file, but in this case the media server wasn't accessible. So how the wss
> protocol is supposed to be used?
>
>
> You have to configure KMS to be secured BEFORE you make changes
> to applicationContext.xml
>
> please check /etc/kurento/kurento.conf.json
> And official KMS documentation
>
>
>
> Also how to configure tunneling with the TURN server?
>
> Thank you.
>
>
> On Monday, 13 July 2020 at 6:55:48 AM GMT+2, Maxim Solodovnik <
> solomax666@gmail.com> wrote:
>
>
>
>
> On Sun, 12 Jul 2020 at 23:46, Online Use <fo...@yahoo.com>
> wrote:
>
> Excuse me, but what is wss?
>
>
> You can easily google this
> WSS is secured version of WS
> both WS and WSS are protocol prefix for WebSockets
>
>
>
> Will SSL and wss provide tunneling of audio and video streaming like RTMPS?
>
>
> RTMPS doesn't provide tunneling, you need RTMPTS for tunneling
> And NO
> In WebRTC tunneling is made by front-end proxy (the config is not trivial)
> OR with TURN server if user is behind strict FW
>
>
>
> Don't you have any plans for including red5 and RTMPS in future releases?
> What is the alternative technology?
>
>
> NO
> RTMP is part of Adobe Flash which is discontinued
> This is why we have moved from RTMP to WebRTC
>
>
> Thanks.
>
>
> On Sunday, 12 July 2020 at 3:36:57 PM GMT+2, Maxim Solodovnik <
> solomax666@gmail.com> wrote:
>
>
> RTMP/RTMPT/RTMPS is for 4.0.x only
> for 5.0.x+ you need to secure KMS i.e. set up certificate and use wss :))
>
> On Sun, 12 Jul 2020 at 13:48, Online Use <fo...@yahoo.com>
> wrote:
>
> Hello,
>
> Is RTMPS enabled by default once SSL is implemented?
>
> I know red5 is not supported for M4 release, but how to enable RTMPS for
> audio/video encryption?
>
> I understand red5 is only needed for IP telephone not for PC voip, is that
> correct?
>
>
>
> --
> Best regards,
>
> Maxim
>
>
>


-- 
Best regards,
Maxim

Re: RTMPS security

Posted by Online Use <fo...@yahoo.com>.
 Can you please share with me the architecture of the OM system, showing components and interfaces?
I don't understand how https is secure while the KMS socket is not secure? And what is the role of TURN in securing the connection? What should TURN be used in case of https protocol?
I think security of the system is questionable. Did you try to use wss:// in KMS url to test it before release?

On Saturday, 18 July 2020 at 6:21:15 PM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:

On Fri, 17 Jul 2020 at 15:29, Online Use <fo...@yahoo.com> wrote:

I also used cert and key files for TLS in COTURN, I used https in turnurl in the applicationContext.xml file, but I got an NS_ERROR_UNEXPECTED.
Probably the application itself is not designed to use TLS for Kurento and COTURN?

Not sure which application are you talking about :(
OM doesn't use TURN, WebRTC in browser uses TURN ....




On Thursday, 16 July 2020 at 12:34:11 PM GMT+2, Online Use <fo...@yahoo.com> wrote:

I found this note in Kurento documentation: https://doc-kurento.readthedocs.io/en/stable/features/security.html
Keep in mind that serving your application through HTTPS, forces you to use WebSockets Secure (WSS) if you are using websockets to control your application server.
So how the OM system is working while the applicationContext.xml used ws:// connection url?

I would check the traffic with some sniffer and then ask KMS devs
From my point of view right now everything works as expected
OM uses HTTPS and wss for internal websocket messages
AND it has KMS at ws URL ....

Is it secure enough to use https in the browser without using wss connection? Are all media streams including audio and video encrypted this way?

I guess audio/video is NOT encrypted
this is why I wrote you need to secure KMS ....


Moreover, I edited the kurento.conf.json file to include path to the certificate file, and edited the applicationContext.xml file to use wss:// with secure port, but the OM raised an error message saying the media server is inaccessible. What is the problem?

I can't say from this description
you have to check
1) KMS logs
2) KMS URL (I guess port will be different in case of wss)
3) OM logs
4) browser console logs and/or browser's WebRTC debugging tools




On Thursday, 16 July 2020 at 3:26:25 AM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:

On Tue, 14 Jul 2020 at 13:31, Online Use <fo...@yahoo.com> wrote:

I installed KMS using podman not docker, I can't find the configuration file path you mentioned, where could it be located?

Unfortunately I can't help here
I never use podman

So the steps are to edit the kurento.conf.json to enable secure connection, then to edit the applicationContext.xml file to use wss:// instead of ws:// in Kurento url, right?

most probably you will need to create certificate for KMS (never did it myself, so you will have to experiment here)


In a previous reply you mentioned that:
In WebRTC tunneling is made by front-end proxy (the config is not trivial)
OR with TURN server if user is behind strict FW
So how to enable WebRTC tunneling with TURN server?


TURN server was designed to unhide user IP address (so tunneling is not necessary)
Or to proxy WebRTC
So it will work out-of-the-box

On Tuesday, 14 July 2020 at 4:21:54 AM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:

On Mon, 13 Jul 2020 at 14:11, Online Use <fo...@yahoo.com> wrote:

I tried using wss:// protocol in Kurento url in the ApplicationContext.xml file, but in this case the media server wasn't accessible. So how the wss protocol is supposed to be used?

You have to configure KMS to be secured BEFORE you make changes to applicationContext.xml
please check /etc/kurento/kurento.conf.json
And official KMS documentation

Also how to configure tunneling with the TURN server?
Thank you.

On Monday, 13 July 2020 at 6:55:48 AM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:

On Sun, 12 Jul 2020 at 23:46, Online Use <fo...@yahoo.com> wrote:

Excuse me, but what is wss?

You can easily google this
WSS is secured version of WS
both WS and WSS are protocol prefix for WebSockets

Will SSL and wss provide tunneling of audio and video streaming like RTMPS?

RTMPS doesn't provide tunneling, you need RTMPTS for tunneling
And NO
In WebRTC tunneling is made by front-end proxy (the config is not trivial)
OR with TURN server if user is behind strict FW

Don't you have any plans for including red5 and RTMPS in future releases? What is the alternative technology?

NO
RTMP is part of Adobe Flash which is discontinued
This is why we have moved from RTMP to WebRTC

Thanks.

On Sunday, 12 July 2020 at 3:36:57 PM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:

RTMP/RTMPT/RTMPS is for 4.0.x only
for 5.0.x+ you need to secure KMS i.e. set up certificate and use wss :))
On Sun, 12 Jul 2020 at 13:48, Online Use <fo...@yahoo.com> wrote:

Hello,
Is RTMPS enabled by default once SSL is implemented?
I know red5 is not supported for M4 release, but how to enable RTMPS for audio/video encryption?
I understand red5 is only needed for IP telephone not for PC voip, is that correct?



-- 
Best regards,
Maxim  



Re: RTMPS security

Posted by Maxim Solodovnik <so...@gmail.com>.
On Fri, 17 Jul 2020 at 15:29, Online Use <fo...@yahoo.com>
wrote:

> I also used cert and key files for TLS in COTURN, I used https in turnurl
> in the applicationContext.xml file, but I got an NS_ERROR_UNEXPECTED.
>
> Probably the application itself is not designed to use TLS for Kurento and
> COTURN?
>

Not sure which application are you talking about :(
OM doesn't use TURN, WebRTC in browser uses TURN ....


>
>
> On Thursday, 16 July 2020 at 12:34:11 PM GMT+2, Online Use <
> foronlineuseemail@yahoo.com> wrote:
>
>
> I found this note in Kurento documentation:
> https://doc-kurento.readthedocs.io/en/stable/features/security.html
>
> *Keep in mind that serving your application through HTTPS, forces you to
> use WebSockets Secure (WSS) if you are using websockets to control your
> application server.*
>
> So how the OM system is working while the applicationContext.xml used
> ws:// connection url?
>

I would check the traffic with some sniffer and then ask KMS devs
From my point of view right now everything works as expected
OM uses HTTPS and wss for internal websocket messages
AND it has KMS at ws URL ....


>
> Is it secure enough to use https in the browser without using wss
> connection? Are all media streams including audio and video encrypted this
> way?
>

I guess audio/video is NOT encrypted
this is why I wrote you need to secure KMS ....


>
>
> Moreover, I edited the kurento.conf.json file to include path to the
> certificate file, and edited the applicationContext.xml file to use
> wss:// with secure port, but the OM raised an error message saying the
> media server is inaccessible. What is the problem?
>

I can't say from this description
you have to check
1) KMS logs
2) KMS URL (I guess port will be different in case of wss)
3) OM logs
4) browser console logs and/or browser's WebRTC debugging tools


>
>
>
>
> On Thursday, 16 July 2020 at 3:26:25 AM GMT+2, Maxim Solodovnik <
> solomax666@gmail.com> wrote:
>
>
>
>
> On Tue, 14 Jul 2020 at 13:31, Online Use <fo...@yahoo.com>
> wrote:
>
> I installed KMS using podman not docker, I can't find the configuration
> file path you mentioned, where could it be located?
>
>
> Unfortunately I can't help here
> I never use podman
>
>
>
> So the steps are to edit the kurento.conf.json to enable secure
> connection, then to edit the applicationContext.xml file to use wss://
> instead of ws:// in Kurento url, right?
>
>
> most probably you will need to create certificate for KMS (never did it
> myself, so you will have to experiment here)
>
>
>
>
> In a previous reply you mentioned that:
> In WebRTC tunneling is made by front-end proxy (the config is not trivial)
> OR with TURN server if user is behind strict FW
>
> So how to enable WebRTC tunneling with TURN server?
>
>
> TURN server was designed to unhide user IP address (so tunneling is not
> necessary)
> Or to proxy WebRTC
> So it will work out-of-the-box
>
>
>
> On Tuesday, 14 July 2020 at 4:21:54 AM GMT+2, Maxim Solodovnik <
> solomax666@gmail.com> wrote:
>
>
>
>
> On Mon, 13 Jul 2020 at 14:11, Online Use <fo...@yahoo.com>
> wrote:
>
> I tried using wss:// protocol in Kurento url in the ApplicationContext.xml
> file, but in this case the media server wasn't accessible. So how the wss
> protocol is supposed to be used?
>
>
> You have to configure KMS to be secured BEFORE you make changes
> to applicationContext.xml
>
> please check /etc/kurento/kurento.conf.json
> And official KMS documentation
>
>
>
> Also how to configure tunneling with the TURN server?
>
> Thank you.
>
>
> On Monday, 13 July 2020 at 6:55:48 AM GMT+2, Maxim Solodovnik <
> solomax666@gmail.com> wrote:
>
>
>
>
> On Sun, 12 Jul 2020 at 23:46, Online Use <fo...@yahoo.com>
> wrote:
>
> Excuse me, but what is wss?
>
>
> You can easily google this
> WSS is secured version of WS
> both WS and WSS are protocol prefix for WebSockets
>
>
>
> Will SSL and wss provide tunneling of audio and video streaming like RTMPS?
>
>
> RTMPS doesn't provide tunneling, you need RTMPTS for tunneling
> And NO
> In WebRTC tunneling is made by front-end proxy (the config is not trivial)
> OR with TURN server if user is behind strict FW
>
>
>
> Don't you have any plans for including red5 and RTMPS in future releases?
> What is the alternative technology?
>
>
> NO
> RTMP is part of Adobe Flash which is discontinued
> This is why we have moved from RTMP to WebRTC
>
>
> Thanks.
>
>
> On Sunday, 12 July 2020 at 3:36:57 PM GMT+2, Maxim Solodovnik <
> solomax666@gmail.com> wrote:
>
>
> RTMP/RTMPT/RTMPS is for 4.0.x only
> for 5.0.x+ you need to secure KMS i.e. set up certificate and use wss :))
>
> On Sun, 12 Jul 2020 at 13:48, Online Use <fo...@yahoo.com>
> wrote:
>
> Hello,
>
> Is RTMPS enabled by default once SSL is implemented?
>
> I know red5 is not supported for M4 release, but how to enable RTMPS for
> audio/video encryption?
>
> I understand red5 is only needed for IP telephone not for PC voip, is that
> correct?
>
>
>
> --
> Best regards,
>
> Maxim
>
>
>


-- 
Best regards,
Maxim
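
Added example (not part of the thread, and not code from OpenMeetings or Kurento): for the sniffer check suggested in the message above, a minimal classifier over captured payload bytes that separates TLS from a plaintext WebSocket on the KMS port and demultiplexes WebRTC UDP packets by first byte as RFC 7983 describes. Every packet, port number and the JSON-RPC message below is a constructed sample.

```python
import struct
from collections import defaultdict


def ws_text(payload):
    """Decode a single RFC 6455 text frame; return its text, or None."""
    if len(payload) < 2 or payload[0] & 0x0F != 0x1:
        return None
    masked, n, off = payload[1] & 0x80, payload[1] & 0x7F, 2
    if n == 126:
        if len(payload) < 4:
            return None
        n, off = struct.unpack("!H", payload[2:4])[0], 4
    elif n == 127:
        if len(payload) < 10:
            return None
        n, off = struct.unpack("!Q", payload[2:10])[0], 10
    key = b""
    if masked:
        key, off = payload[off:off + 4], off + 4
        if len(key) < 4:
            return None
    data = payload[off:off + n]
    if len(data) < n:
        return None
    if masked:
        # Client-to-server frames are XOR-masked; masking is not encryption.
        data = bytes(b ^ key[i % 4] for i, b in enumerate(data))
    try:
        return data.decode("utf-8")
    except UnicodeDecodeError:
        return None


def classify_tcp(payload):
    """TLS record header vs. readable WebSocket traffic."""
    if (len(payload) >= 3 and 0x14 <= payload[0] <= 0x17
            and payload[1] == 0x03 and payload[2] <= 0x04):
        return "tls"
    if payload.startswith(b"GET ") and b"upgrade: websocket" in payload.lower():
        return "ws-upgrade-plaintext"
    text = ws_text(payload)
    if text is not None and '"jsonrpc"' in text:
        return "ws-jsonrpc-plaintext"
    return "unknown"


def classify_udp(payload):
    """First-byte demultiplexing ranges from RFC 7983."""
    if not payload:
        return "empty"
    b = payload[0]
    if b <= 3:
        return "stun"
    if 16 <= b <= 19:
        return "zrtp"
    if 20 <= b <= 63:
        return "dtls"
    if 64 <= b <= 79:
        return "turn-channel"
    if 128 <= b <= 191:
        return "rtp-or-srtp"  # RTP and SRTP share the same header layout
    return "unknown"


def summarize(packets):
    """packets: iterable of (proto, server_port, payload) -> {(proto, port): verdict}."""
    kinds = defaultdict(set)
    for proto, port, payload in packets:
        kind = classify_tcp(payload) if proto == "tcp" else classify_udp(payload)
        kinds[(proto, port)].add(kind)
    verdict = {}
    for flow, seen in kinds.items():
        if seen & {"ws-upgrade-plaintext", "ws-jsonrpc-plaintext"}:
            verdict[flow] = "plaintext-websocket"
        elif seen == {"tls"}:
            verdict[flow] = "tls"
        elif "rtp-or-srtp" in seen:
            verdict[flow] = "media-with-dtls" if "dtls" in seen else "media-no-dtls-seen"
        else:
            verdict[flow] = "unclassified"
    return verdict


def _masked_frame(text, key=b"\x11\x22\x33\x44"):
    """Build a short masked text frame for the constructed sample."""
    body = text.encode()
    masked = bytes(b ^ key[i % 4] for i, b in enumerate(body))
    return bytes([0x81, 0x80 | len(body)]) + key + masked


# Constructed capture: HTTPS to the web UI, a ws:// control channel, two UDP flows.
SAMPLE = [
    ("tcp", 443, b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"),
    ("tcp", 8888, b"GET /kurento HTTP/1.1\r\nHost: 127.0.0.1:8888\r\n"
                  b"Upgrade: websocket\r\nConnection: Upgrade\r\n\r\n"),
    ("tcp", 8888, _masked_frame('{"id":1,"jsonrpc":"2.0","method":"ping"}')),
    ("udp", 50000, b"\x00\x01\x00\x00\x21\x12\xa4\x42" + bytes(12)),
    ("udp", 50000, b"\x16\xfe\xfd" + bytes(10)),
    ("udp", 50000, b"\x80\x6f" + bytes(10)),
    ("udp", 50002, b"\x80\x00" + bytes(10)),
]

if __name__ == "__main__":
    for flow, result in sorted(summarize(SAMPLE).items()):
        print(flow, result)
```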

Re: RTMPS security

Posted by Online Use <fo...@yahoo.com>.
I also used cert and key files for TLS in COTURN, I used https in turnurl in the applicationContext.xml file, but I got an NS_ERROR_UNEXPECTED.
Probably the application itself is not designed to use TLS for Kurento and COTURN?


On Thursday, 16 July 2020 at 12:34:11 PM GMT+2, Online Use <fo...@yahoo.com> wrote:

I found this note in Kurento documentation: https://doc-kurento.readthedocs.io/en/stable/features/security.html
Keep in mind that serving your application through HTTPS, forces you to use WebSockets Secure (WSS) if you are using websockets to control your application server.
So how the OM system is working while the applicationContext.xml used ws:// connection url?
Is it secure enough to use https in the browser without using wss connection? Are all media streams including audio and video encrypted this way?

Moreover, I edited the kurento.conf.json file to include path to the certificate file, and edited the applicationContext.xml file to use wss:// with secure port, but the OM raised an error message saying the media server is inaccessible. What is the problem?



On Thursday, 16 July 2020 at 3:26:25 AM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:

On Tue, 14 Jul 2020 at 13:31, Online Use <fo...@yahoo.com> wrote:

I installed KMS using podman not docker, I can't find the configuration file path you mentioned, where could it be located?

Unfortunately I can't help here
I never use podman

So the steps are to edit the kurento.conf.json to enable secure connection, then to edit the applicationContext.xml file to use wss:// instead of ws:// in Kurento url, right?

most probably you will need to create certificate for KMS (never did it myself, so you will have to experiment here)


In a previous reply you mentioned that:
In WebRTC tunneling is made by front-end proxy (the config is not trivial)
OR with TURN server if user is behind strict FW
So how to enable WebRTC tunneling with TURN server?


TURN server was designed to unhide user IP address (so tunneling is not necessary)
Or to proxy WebRTC
So it will work out-of-the-box

On Tuesday, 14 July 2020 at 4:21:54 AM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:

On Mon, 13 Jul 2020 at 14:11, Online Use <fo...@yahoo.com> wrote:

I tried using wss:// protocol in Kurento url in the ApplicationContext.xml file, but in this case the media server wasn't accessible. So how the wss protocol is supposed to be used?

You have to configure KMS to be secured BEFORE you make changes to applicationContext.xml
please check /etc/kurento/kurento.conf.json
And official KMS documentation

Also how to configure tunneling with the TURN server?
Thank you.

On Monday, 13 July 2020 at 6:55:48 AM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:

On Sun, 12 Jul 2020 at 23:46, Online Use <fo...@yahoo.com> wrote:

Excuse me, but what is wss?

You can easily google this
WSS is secured version of WS
both WS and WSS are protocol prefix for WebSockets

Will SSL and wss provide tunneling of audio and video streaming like RTMPS?

RTMPS doesn't provide tunneling, you need RTMPTS for tunneling
And NO
In WebRTC tunneling is made by front-end proxy (the config is not trivial)
OR with TURN server if user is behind strict FW

Don't you have any plans for including red5 and RTMPS in future releases? What is the alternative technology?

NO
RTMP is part of Adobe Flash which is discontinued
This is why we have moved from RTMP to WebRTC

Thanks.

On Sunday, 12 July 2020 at 3:36:57 PM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:

RTMP/RTMPT/RTMPS is for 4.0.x only
for 5.0.x+ you need to secure KMS i.e. set up certificate and use wss :))
On Sun, 12 Jul 2020 at 13:48, Online Use <fo...@yahoo.com> wrote:

Hello,
Is RTMPS enabled by default once SSL is implemented?
I know red5 is not supported for M4 release, but how to enable RTMPS for audio/video encryption?
I understand red5 is only needed for IP telephone not for PC voip, is that correct?



-- 
Best regards,
Maxim  



Re: RTMPS security

Posted by Online Use <fo...@yahoo.com>.
 I found this note in Kurento documentation: https://doc-kurento.readthedocs.io/en/stable/features/security.html
Keep in mind that serving your application through HTTPS, forces you to use WebSockets Secure (WSS) if you are using websockets to control your application server.
So how the OM system is working while the applicationContext.xml used ws:// connection url?
Is it secure enough to use https in the browser without using wss connection? Are all media streams including audio and video encrypted this way?

Moreover, I edited the kurento.conf.json file to include path to the certificate file, and edited the applicationContext.xml file to use wss:// with secure port, but the OM raised an error message saying the media server is inaccessible. What is the problem?



On Thursday, 16 July 2020 at 3:26:25 AM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:

On Tue, 14 Jul 2020 at 13:31, Online Use <fo...@yahoo.com> wrote:

I installed KMS using podman not docker, I can't find the configuration file path you mentioned, where could it be located?

Unfortunately I can't help here
I never use podman

So the steps are to edit the kurento.conf.json to enable secure connection, then to edit the applicationContext.xml file to use wss:// instead of ws:// in Kurento url, right?

most probably you will need to create certificate for KMS (never did it myself, so you will have to experiment here)


In a previous reply you mentioned that:
In WebRTC tunneling is made by front-end proxy (the config is not trivial)
OR with TURN server if user is behind strict FW
So how to enable WebRTC tunneling with TURN server?


TURN server was designed to unhide user IP address (so tunneling is not necessary)
Or to proxy WebRTC
So it will work out-of-the-box

On Tuesday, 14 July 2020 at 4:21:54 AM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:

On Mon, 13 Jul 2020 at 14:11, Online Use <fo...@yahoo.com> wrote:

I tried using wss:// protocol in Kurento url in the ApplicationContext.xml file, but in this case the media server wasn't accessible. So how the wss protocol is supposed to be used?

You have to configure KMS to be secured BEFORE you make changes to applicationContext.xml
please check /etc/kurento/kurento.conf.json
And official KMS documentation

Also how to configure tunneling with the TURN server?
Thank you.

On Monday, 13 July 2020 at 6:55:48 AM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:

On Sun, 12 Jul 2020 at 23:46, Online Use <fo...@yahoo.com> wrote:

Excuse me, but what is wss?

You can easily google this
WSS is secured version of WS
both WS and WSS are protocol prefix for WebSockets

Will SSL and wss provide tunneling of audio and video streaming like RTMPS?

RTMPS doesn't provide tunneling, you need RTMPTS for tunneling
And NO
In WebRTC tunneling is made by front-end proxy (the config is not trivial)
OR with TURN server if user is behind strict FW

Don't you have any plans for including red5 and RTMPS in future releases? What is the alternative technology?

NO
RTMP is part of Adobe Flash which is discontinued
This is why we have moved from RTMP to WebRTC

Thanks.

On Sunday, 12 July 2020 at 3:36:57 PM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:

RTMP/RTMPT/RTMPS is for 4.0.x only
for 5.0.x+ you need to secure KMS i.e. set up certificate and use wss :))
On Sun, 12 Jul 2020 at 13:48, Online Use <fo...@yahoo.com> wrote:

Hello,
Is RTMPS enabled by default once SSL is implemented?
I know red5 is not supported for M4 release, but how to enable RTMPS for audio/video encryption?
I understand red5 is only needed for IP telephone not for PC voip, is that correct?



-- 
Best regards,
Maxim  



Re: RTMPS security

Posted by Maxim Solodovnik <so...@gmail.com>.
On Tue, 14 Jul 2020 at 13:31, Online Use <fo...@yahoo.com>
wrote:

> I installed KMS using podman not docker, I can't find the configuration
> file path you mentioned, where could it be located?
>

Unfortunately I can't help here
I never use podman


>
> So the steps are to edit the kurento.conf.json to enable secure
> connection, then to edit the applicationContext.xml file to use wss://
> instead of ws:// in Kurento url, right?
>

most probably you will need to create certificate for KMS (never did it
myself, so you will have to experiment here)


>
>
> In a previous reply you mentioned that:
> In WebRTC tunneling is made by front-end proxy (the config is not trivial)
> OR with TURN server if user is behind strict FW
>
> So how to enable WebRTC tunneling with TURN server?
>
>
TURN server was designed to unhide user IP address (so tunneling is not
necessary)
Or to proxy WebRTC
So it will work out-of-the-box


>
> On Tuesday, 14 July 2020 at 4:21:54 AM GMT+2, Maxim Solodovnik <
> solomax666@gmail.com> wrote:
>
>
>
>
> On Mon, 13 Jul 2020 at 14:11, Online Use <fo...@yahoo.com>
> wrote:
>
> I tried using wss:// protocol in Kurento url in the ApplicationContext.xml
> file, but in this case the media server wasn't accessible. So how the wss
> protocol is supposed to be used?
>
>
> You have to configure KMS to be secured BEFORE you make changes
> to applicationContext.xml
>
> please check /etc/kurento/kurento.conf.json
> And official KMS documentation
>
>
>
> Also how to configure tunneling with the TURN server?
>
> Thank you.
>
>
> On Monday, 13 July 2020 at 6:55:48 AM GMT+2, Maxim Solodovnik <
> solomax666@gmail.com> wrote:
>
>
>
>
> On Sun, 12 Jul 2020 at 23:46, Online Use <fo...@yahoo.com>
> wrote:
>
> Excuse me, but what is wss?
>
>
> You can easily google this
> WSS is secured version of WS
> both WS and WSS are protocol prefix for WebSockets
>
>
>
> Will SSL and wss provide tunneling of audio and video streaming like RTMPS?
>
>
> RTMPS doesn't provide tunneling, you need RTMPTS for tunneling
> And NO
> In WebRTC tunneling is made by front-end proxy (the config is not trivial)
> OR with TURN server if user is behind strict FW
>
>
>
> Don't you have any plans for including red5 and RTMPS in future releases?
> What is the alternative technology?
>
>
> NO
> RTMP is part of Adobe Flash which is discontinued
> This is why we have moved from RTMP to WebRTC
>
>
> Thanks.
>
>
> On Sunday, 12 July 2020 at 3:36:57 PM GMT+2, Maxim Solodovnik <
> solomax666@gmail.com> wrote:
>
>
> RTMP/RTMPT/RTMPS is for 4.0.x only
> for 5.0.x+ you need to secure KMS i.e. set up certificate and use wss :))
>
> On Sun, 12 Jul 2020 at 13:48, Online Use <fo...@yahoo.com>
> wrote:
>
> Hello,
>
> Is RTMPS enabled by default once SSL is implemented?
>
> I know red5 is not supported for M4 release, but how to enable RTMPS for
> audio/video encryption?
>
> I understand red5 is only needed for IP telephone not for PC voip, is that
> correct?
>
>
>
> --
> Best regards,
>
> Maxim
>
>
>


-- 
Best regards,
Maxim
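
Added example (not part of the thread, and not code from OpenMeetings or Kurento): a consistency check between the KMS URL that OM is given and the listeners declared in kurento.conf.json, covering the order of steps discussed in the message above. The key layout `mediaServer.net.websocket.{port,secure,path}`, the ports 8888 and 8433, the certificate path and both sample files are assumptions modelled on Kurento's stock configuration file.

```python
import json
from urllib.parse import urlparse

# Constructed sample; "@" marks the lines that are commented out in the plain variant.
# Key names and ports are assumed to match Kurento's stock kurento.conf.json.
_TEMPLATE = """
{
  "mediaServer": {
    "net": {
      "websocket": {
        "port": 8888,
        @"secure": {
        @  "port": 8433,
        @  "certificate": "/path/to/cert+key.pem",
        @  "password": ""
        @},
        "path": "kurento",  // plain endpoint: ws://<host>:8888/kurento
        "threads": 10
      }
    }
  }
}
"""
KMS_PLAIN = _TEMPLATE.replace("@", "//")   # secure block disabled
KMS_SECURE = _TEMPLATE.replace("@", "")    # secure block enabled


def strip_json_comments(text):
    """Remove // and /* */ comments, leaving string contents such as ws:// intact."""
    out, i, in_str = [], 0, False
    while i < len(text):
        ch = text[i]
        if in_str:
            out.append(ch)
            if ch == "\\" and i + 1 < len(text):
                out.append(text[i + 1])
                i += 1
            elif ch == '"':
                in_str = False
        elif ch == '"':
            in_str = True
            out.append(ch)
        elif text.startswith("//", i):
            nl = text.find("\n", i)
            i = len(text) if nl == -1 else nl
            continue
        elif text.startswith("/*", i):
            end = text.find("*/", i + 2)
            i = len(text) if end == -1 else end + 2
            continue
        else:
            out.append(ch)
        i += 1
    return "".join(out)


def kms_listeners(conf_text):
    """Return {"ws": (port, path), "wss": (port, path)} for the listeners that are enabled."""
    ws = json.loads(strip_json_comments(conf_text))["mediaServer"]["net"]["websocket"]
    path = "/" + ws.get("path", "kurento").strip("/")
    found = {}
    if "port" in ws:
        found["ws"] = (int(ws["port"]), path)
    sec = ws.get("secure")
    if sec and sec.get("certificate"):
        found["wss"] = (int(sec["port"]), path)
    return found


def check_kms_url(url, conf_text):
    """Return a list of findings for the KMS URL that OM is configured with."""
    u = urlparse(url)
    if u.scheme not in ("ws", "wss"):
        return ["not a WebSocket URL"]
    listeners = kms_listeners(conf_text)
    findings = []
    if u.scheme == "ws":
        findings.append("control channel to KMS is plaintext (ws://)")
    if u.scheme not in listeners:
        # Typical result of switching the URL to wss:// before KMS has a certificate.
        findings.append("KMS has no %s listener configured" % u.scheme)
        return findings
    port, path = listeners[u.scheme]
    if u.port != port:
        findings.append("port %s does not match the %s listener on %d" % (u.port, u.scheme, port))
    if "/" + u.path.strip("/") != path:
        findings.append("path %r does not match %r" % (u.path, path))
    if u.scheme == "wss" and "ws" in listeners:
        findings.append("plaintext ws listener is still configured on port %d" % listeners["ws"][0])
    return findings


if __name__ == "__main__":
    for url, conf in [("ws://127.0.0.1:8888/kurento", KMS_PLAIN),
                      ("wss://127.0.0.1:8433/kurento", KMS_PLAIN),
                      ("wss://127.0.0.1:8433/kurento", KMS_SECURE)]:
        print(url, check_kms_url(url, conf))
```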

Re: RTMPS security

Posted by Online Use <fo...@yahoo.com>.
 I installed KMS using podman not docker, I can't find the configuration file path you mentioned, where could it be located?
So the steps are to edit the kurento.conf.json to enable secure connection, then to edit the applicationContext.xml file to use wss:// instead of ws:// in Kurento url, right?

In a previous reply you mentioned that:
In WebRTC tunneling is made by front-end proxy (the config is not trivial)
OR with TURN server if user is behind strict FW
So how to enable WebRTC tunneling with TURN server?

On Tuesday, 14 July 2020 at 4:21:54 AM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:

On Mon, 13 Jul 2020 at 14:11, Online Use <fo...@yahoo.com> wrote:

I tried using wss:// protocol in Kurento url in the ApplicationContext.xml file, but in this case the media server wasn't accessible. So how the wss protocol is supposed to be used?

You have to configure KMS to be secured BEFORE you make changes to applicationContext.xml
please check /etc/kurento/kurento.conf.json
And official KMS documentation

Also how to configure tunneling with the TURN server?
Thank you.

On Monday, 13 July 2020 at 6:55:48 AM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
 

On Sun, 12 Jul 2020 at 23:46, Online Use <fo...@yahoo.com> wrote:

 Excuse me, but what is wss?

You can easily google this
WSS is secured version of WS
both WS and WSS are protocol prefix for WebSockets

Will SSL and wss provide tunneling of audio and video streaming like RTMPS?

RTMPS doesn't provide tunneling, you need RTMPTS for tunneling
And NO
In WebRTC tunneling is made by front-end proxy (the config is not trivial)
OR with TURN server if user is behind strict FW

Don't you have any plans for including red5 and RTMPS in future releases? What is the alternative technology?

NO
RTMP is part of Adobe Flash which is discontinued
This is why we have moved from RTMP to WebRTC

Thanks.

On Sunday, 12 July 2020 at 3:36:57 PM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
RTMP/RTMPT/RTMPS is for 4.0.x only
for 5.0.x+ you need to secure KMS i.e. set up certificate and use wss :))
On Sun, 12 Jul 2020 at 13:48, Online Use <fo...@yahoo.com> wrote:

Hello,
Is RTMPS enabled by default once SSL is implemented?
I know red5 is not supported for M4 release, but how to enable RTMPS for audio/video encryption?
I understand red5 is only needed for IP telephone not for PC voip, is that correct?



-- 
Best regards,
Maxim  


-- 
Best regards,
Maxim  


-- 
Best regards,
Maxim  

Re: RTMPS security

Posted by Maxim Solodovnik <so...@gmail.com>.
On Mon, 13 Jul 2020 at 14:11, Online Use <fo...@yahoo.com>
wrote:

> I tried using wss:// protocol in Kurento url in the ApplicationContext.xml
> file, but in this case the media server wasn't accessible. So how is the wss
> protocol supposed to be used?
>

You have to configure KMS to be secured BEFORE you make changes to
applicationContext.xml

please check /etc/kurento/kurento.conf.json
And official KMS documentation


>
> Also how to configure tunneling with the TURN server?
>
> Thank you.
>
>
> On Monday, 13 July 2020 at 6:55:48 AM GMT+2, Maxim Solodovnik <
> solomax666@gmail.com> wrote:
>
>
>
>
> On Sun, 12 Jul 2020 at 23:46, Online Use <fo...@yahoo.com>
> wrote:
>
> Excuse me, but what is wss?
>
>
> You can easily google this
> WSS is secured version of WS
> both WS and WSS are protocol prefix for WebSockets
>
>
>
> Will SSL and wss provide tunneling of audio and video streaming like RTMPS?
>
>
> RTMPS doesn't provide tunneling, you need RTMPTS for tunneling
> And NO
> In WebRTC tunneling is made by front-end proxy (the config is not trivial)
> OR with TURN server if user is behind strict FW
>
>
>
> Don't you have any plans for including red5 and RTMPS in future releases?
> What is the alternative technology?
>
>
> NO
> RTMP is part of Adobe Flash which is discontinued
> This is why we have moved from RTMP to WebRTC
>
>
> Thanks.
>
>
> On Sunday, 12 July 2020 at 3:36:57 PM GMT+2, Maxim Solodovnik <
> solomax666@gmail.com> wrote:
>
>
> RTMP/RTMPT/RTMPS is for 4.0.x only
> for 5.0.x+ you need to secure KMS i.e. set up certificate and use wss :))
>
> On Sun, 12 Jul 2020 at 13:48, Online Use <fo...@yahoo.com>
> wrote:
>
> Hello,
>
> Is RTMPS enabled by default once SSL is implemented?
>
> I know red5 is not supported for M4 release, but how to enable RTMPS for
> audio/video encryption?
>
> I understand red5 is only needed for IP telephone not for PC voip, is that
> correct?
>
>
>
> --
> Best regards,
>
> Maxim
>
>
>
> --
> Best regards,
> Maxim
>


-- 
Best regards,
Maxim
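A preflight check for the ordering described in the reply above (secure KMS first, then point OpenMeetings at wss://), as an added example that is not part of the original thread or of the OpenMeetings or Kurento code. The sample config is constructed, and its key layout (`mediaServer.net.websocket.secure` with `port` and `certificate`) is an assumption modelled on a stock `kurento.conf.json`; `check_kms_url` and `strip_line_comments` are hypothetical helper names.

```python
import json
import re
from urllib.parse import urlparse

# Constructed sample; the key layout (mediaServer.net.websocket.secure) is an
# assumption modelled on a stock /etc/kurento/kurento.conf.json.
SAMPLE_CONF = """
{
  "mediaServer": {
    "net": {
      "websocket": {
        "port": 8888,
        // secure listener still commented out: KMS answers ws:// only
        //"secure": {
        //  "port": 8433,
        //  "certificate": "cert+key.pem",
        //  "password": ""
        //},
        "path": "kurento"
      }
    }
  }
}
"""

def strip_line_comments(text):
    """Remove // comments that sit outside JSON string literals."""
    pattern = r'("(?:\\.|[^"\\])*")|//[^\n]*'
    return re.sub(pattern, lambda m: m.group(1) or "", text)

def check_kms_url(conf_text, kurento_url):
    """List the reasons kurento_url cannot work against this KMS config."""
    ws = json.loads(strip_line_comments(conf_text))["mediaServer"]["net"]["websocket"]
    url = urlparse(kurento_url)
    if url.scheme not in ("ws", "wss"):
        return [f"unsupported scheme {url.scheme!r}"]
    problems = []
    listener = ws.get("secure") if url.scheme == "wss" else ws
    if url.scheme == "ws":
        problems.append("ws:// leaves the OM-to-KMS channel unencrypted")
    if not listener:
        return ["wss:// requested but KMS has no active 'secure' listener"]
    if url.scheme == "wss" and not listener.get("certificate"):
        problems.append("secure listener has no certificate configured")
    if url.port != listener.get("port"):
        problems.append(f"URL port {url.port} != listener port {listener.get('port')}")
    if url.path.strip("/") != ws.get("path", "kurento"):
        problems.append(f"URL path {url.path!r} != /{ws.get('path', 'kurento')}")
    return problems
```

Run against the sample, a `wss://` URL is rejected because the secure listener is still commented out, which matches the "media server wasn't accessible" symptom reported in the thread.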

Re: RTMPS security

Posted by Online Use <fo...@yahoo.com>.
I tried using wss:// protocol in Kurento url in the ApplicationContext.xml file, but in this case the media server wasn't accessible. So how is the wss protocol supposed to be used?
Also how to configure tunneling with the TURN server?
Thank you.

On Monday, 13 July 2020 at 6:55:48 AM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
 

On Sun, 12 Jul 2020 at 23:46, Online Use <fo...@yahoo.com> wrote:

 Excuse me, but what is wss?

You can easily google this
WSS is secured version of WS
both WS and WSS are protocol prefix for WebSockets

Will SSL and wss provide tunneling of audio and video streaming like RTMPS?

RTMPS doesn't provide tunneling, you need RTMPTS for tunneling
And NO
In WebRTC tunneling is made by front-end proxy (the config is not trivial)
OR with TURN server if user is behind strict FW

Don't you have any plans for including red5 and RTMPS in future releases? What is the alternative technology?

NO
RTMP is part of Adobe Flash which is discontinued
This is why we have moved from RTMP to WebRTC

Thanks.

On Sunday, 12 July 2020 at 3:36:57 PM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
RTMP/RTMPT/RTMPS is for 4.0.x only
for 5.0.x+ you need to secure KMS i.e. set up certificate and use wss :))
On Sun, 12 Jul 2020 at 13:48, Online Use <fo...@yahoo.com> wrote:

Hello,
Is RTMPS enabled by default once SSL is implemented?
I know red5 is not supported for M4 release, but how to enable RTMPS for audio/video encryption?
I understand red5 is only needed for IP telephone not for PC voip, is that correct?



-- 
Best regards,
Maxim  


-- 
Best regards,
Maxim  

Re: RTMPS security

Posted by Maxim Solodovnik <so...@gmail.com>.
On Sun, 12 Jul 2020 at 23:46, Online Use <fo...@yahoo.com>
wrote:

> Excuse me, but what is wss?
>

You can easily google this
WSS is secured version of WS
both WS and WSS are protocol prefix for WebSockets


>
> Will SSL and wss provide tunneling of audio and video streaming like RTMPS?
>

RTMPS doesn't provide tunneling, you need RTMPTS for tunneling
And NO
In WebRTC tunneling is made by front-end proxy (the config is not trivial)
OR with TURN server if user is behind strict FW


>
> Don't you have any plans for including red5 and RTMPS in future releases?
> What is the alternative technology?
>

NO
RTMP is part of Adobe Flash which is discontinued
This is why we have moved from RTMP to WebRTC

>
> Thanks.
>
>
> On Sunday, 12 July 2020 at 3:36:57 PM GMT+2, Maxim Solodovnik <
> solomax666@gmail.com> wrote:
>
>
> RTMP/RTMPT/RTMPS is for 4.0.x only
> for 5.0.x+ you need to secure KMS i.e. set up certificate and use wss :))
>
> On Sun, 12 Jul 2020 at 13:48, Online Use <fo...@yahoo.com>
> wrote:
>
> Hello,
>
> Is RTMPS enabled by default once SSL is implemented?
>
> I know red5 is not supported for M4 release, but how to enable RTMPS for
> audio/video encryption?
>
> I understand red5 is only needed for IP telephone not for PC voip, is that
> correct?
>
>
>
> --
> Best regards,
> Maxim
>


-- 
Best regards,
Maxim

Re: RTMPS security

Posted by Online Use <fo...@yahoo.com>.
 Excuse me, but what is wss?
Will SSL and wss provide tunneling of audio and video streaming like RTMPS?
Don't you have any plans for including red5 and RTMPS in future releases? What is the alternative technology?
Thanks.

On Sunday, 12 July 2020 at 3:36:57 PM GMT+2, Maxim Solodovnik <so...@gmail.com> wrote:
 
RTMP/RTMPT/RTMPS is for 4.0.x only
for 5.0.x+ you need to secure KMS i.e. set up certificate and use wss :))
On Sun, 12 Jul 2020 at 13:48, Online Use <fo...@yahoo.com> wrote:

Hello,
Is RTMPS enabled by default once SSL is implemented?
I know red5 is not supported for M4 release, but how to enable RTMPS for audio/video encryption?
I understand red5 is only needed for IP telephone not for PC voip, is that correct?



-- 
Best regards,
Maxim  

Re: RTMPS security

Posted by Maxim Solodovnik <so...@gmail.com>.
RTMP/RTMPT/RTMPS is for 4.0.x only
for 5.0.x+ you need to secure KMS i.e. set up certificate and use wss :))

On Sun, 12 Jul 2020 at 13:48, Online Use <fo...@yahoo.com>
wrote:

> Hello,
>
> Is RTMPS enabled by default once SSL is implemented?
>
> I know red5 is not supported for M4 release, but how to enable RTMPS for
> audio/video encryption?
>
> I understand red5 is only needed for IP telephone not for PC voip, is that
> correct?
>


-- 
Best regards,
Maxim