I have been able to use TLS port and certificates with TURN in the
applicationContext.xml file without a problem, but the TURN url doesn't include
protocol (https or wss) only the TLS port number. I have actually commented out
the non-secure port setting in coturn conf. file. It's working fine, but I'm
not sure if the url should contain protocol directive https or wss or none?
When I used the https directive I got an error message NS_ERROR_UNEXPECTED. Any
comments?
My problem now is with the KMS url, I have specified the TLS port and
certificates, but when I use the wss:// protocol I get the error of media
server is not accessible. Could someone try to use this secure setting and
confirm if it's working properly or not to make sure what is the issue at my
end?
بتاريخ السبت، 18 تموز 2020 7:54:31 م غرينتش+2، Maxim Solodovnik
<[email protected]> كتب:
On Sun, 19 Jul 2020 at 00:26, Online Use <[email protected]> wrote:
Can you please share with me the architecture of the OM system, showing
components and interfaces?
we don't have such diagram ATM
I don't understand how https is secure while the KMS socket is not secure? And
what is the role of TURN in securing the connection? What should TURN be used
in case of https protocol?
Out-of-the-box OM provides HTTPS which ensures login and all UI actions are
securedKMS out-of-the-box is NOT secured, and it is OM-server-admin task to
secure it
TURN is used to be able to negotiate connection with users without real IPIt
tries to resolve user IP so direct connection can be established
establishedORbypass all WebRTC traffic like SOCKS proxy if IT is NOT
resolvable(I believe you can easily Google above info with much more details)
So if you want fully secured system you have to ensure both KMS and TURN are
secured as well
I think security of the system is questionable. Did you try to use wss:// in
KMS url to test it before release?
I see no need in such testWe are using KMS API to control connections (drop,
create recording chains etc.) We are not working with audio/video streams
directly this is the task of media server
بتاريخ السبت، 18 تموز 2020 6:21:15 م غرينتش+2، Maxim Solodovnik
<[email protected]> كتب:
On Fri, 17 Jul 2020 at 15:29, Online Use <[email protected]> wrote:
I also used cert and key files for TLS in COTURN, I used https in turnurl in
the applicationContext.xml file, but I got and NS_ERROR_UNEXPECTED.
Probably the application itself is not designed to use TLS for Kurento and
COTURN?
Not sure which application are you talking about :(OM doesn't use TURN, WebRTC
in browser uses TURN ....
بتاريخ الخميس، 16 تموز 2020 12:34:11 م غرينتش+2، Online Use
<[email protected]> كتب:
I found this note in Kurento documentation:
https://doc-kurento.readthedocs.io/en/stable/features/security.html
Keep in mind that serving your application through HTTPS, forces you to use
WebSockets Secure (WSS) if you are using websockets to control your application
server.
So how the OM system is working while the applicationContext.xml used ws://
connection url?
I would check the traffic with some sniffer and the ask KMS devsFrom my point
of view right now everything works as expectedOM uses HTTPS and wss for
internal websocket messagesAND it has KMS at ws URL ....
Is it secure enough to use https in the browser without using wss connection?
Are all media streams including audio and video encrypted this way?
I guess audio/video is NOT encryptedthis is why i wrote you need to secure KMS
....
Moreover, I edited the kurento.conf.json file to include path to the
certificate file, and edited the applicationContext.xml file to use wss:// with
secure port, but the OM raised an error message saying the media server is
inaccessible. What is the porblem?
I can't say from this descriptionyou have to check 1) KMS logs2) KMS URL (i
guess port will be different in case of wss)3) OM logs4) browser console logs
and/or browser's WebRTC debugging tools
بتاريخ الخميس، 16 تموز 2020 3:26:25 ص غرينتش+2، Maxim Solodovnik
<[email protected]> كتب:
On Tue, 14 Jul 2020 at 13:31, Online Use <[email protected]> wrote:
I installed KMS using podman not docker, I can't find the configuration file
path you mentioned, where could it be located?
Unfortunately I can't help hereI neve use podman
So the steps are to edit the kurento.conf.json to enable secure connection,
then to edit the applicatonContext.xml file to use wss// instead of ws:// in
Kurento url, right?
most probably you will need to create certificate for KMS (never did it myself,
so you will have to experiment here)
In a previous reply you mentioned that:In WebRTC tunneling is made by front-end
proxy (the config is not trivial)OR with TURN server if user is behind strict FW
So how to enable WebRTC tunneling with TURN server?
TURN server was designed fo unhide user IP address (so tunneling is not
necessary)Or to proxy WebRTCSo it will work out-of-the-box
بتاريخ الثلاثاء، 14 تموز 2020 4:21:54 ص غرينتش+2، Maxim Solodovnik
<[email protected]> كتب:
On Mon, 13 Jul 2020 at 14:11, Online Use <[email protected]> wrote:
I tried using wss:// protocol in Kurento url in the ApplicationContext.xml
file, but in this case the media server wasn't accessible. So how the wss
protocol is supposed to be used?
You have to configure KMS to be secured BEFORE you you will made changes to
applicationContext.xml
please check /etc/kurento/kurento.conf.jsonAnd official KMS documentation
Also how to configure tunneling with the TURN sever?
Thank you.
بتاريخ الاثنين، 13 تموز 2020 6:55:48 ص غرينتش+2، Maxim Solodovnik
<[email protected]> كتب:
On Sun, 12 Jul 2020 at 23:46, Online Use <[email protected]> wrote:
Excuse me, but what is wss?
You can easily google thisWSS is secured version of WS both WS and WSS are
protocol prefix for WebSockets
Will SSL and wss provide tunneling of audio and video streaming like RTMPS?
RTMPS doesn't provide tunneling, you need RTMPTS for tunnelingAnd NO In WebRTC
tunneling is made by front-end proxy (the config is not trivial)OR with TURN
server if user is behind strict FW
Don't you have any plans for including red5 and RTMPS in future releases? What
is the alternative technology?
NORTMP if part of Adobe Flash which is discontinued This is why we have moved
from RTMP to WebRTC
Thanks.
بتاريخ الأحد، 12 تموز 2020 3:36:57 م غرينتش+2، Maxim Solodovnik
<[email protected]> كتب:
RTMP/RTMPT/RTMPS is for 4.0.x onlyfor 5.0.x+ you need to secure KMS i.e. set
up certificate and use wss :))
On Sun, 12 Jul 2020 at 13:48, Online Use <[email protected]> wrote:
Hello,
Is RTMPS enabled by default once SSL is implemented?
I know red5 is not supported for M4 release, but how to enable RTMPS for
audio/video encryption?
I understand red5 is only needed for IP telephone not for PC voip, is that
correct?
--
Best regards,
Maxim
--
Best regards,
Maxim
--
Best regards,
Maxim
--
Best regards,
Maxim
--
Best regards,
Maxim
--
Best regards,
Maxim
