cisco / libsrtp

Library for SRTP (Secure Realtime Transport Protocol)

Why do we use SRTP for video? Why not the default function in OpenSSL? #610

Closed fengmao31 closed 1 year ago

fengmao31 commented 1 year ago

I started to make an RTSP-over-TCP project. I found that the WebRTC project uses libsrtp to encrypt data, but some RTSP-with-SSL implementations use the default functions SSL_write and SSL_read to encrypt data. OpenSSL's default encryption is 3DES CBC. Also, the hv websockets project only uses OpenSSL's default encryption. I only know that the default 3DES is weaker than the AES in libsrtp.

pabuhler commented 1 year ago

This is not really a topic for libsrtp, but the general answer is that most real-time media is sent over UDP and not TCP, in which case SSL/TLS is not viable. These days there is the option of DTLS for UDP, but that was not available before, and SRTP is designed to have a low overhead on the wire and is tailored to the RTP format.

fengmao31 commented 1 year ago

I tested OpenSSL and libsrtp. The cipher TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is chosen by the TLS process. The cipher takes 9-100us in the encryption and socket send process, and 45-500us in the decryption and socket receive process. It is hard to split the two processes to test them separately, because it looks like some data in the BIO is too long and needs more than one packet to send.

libsrtp needs 80us for encryption and 100us for decryption. Maybe the variance in time is because of the replay list check and the HMAC function.

By the way, I think the two functions are useless because TLS makes sure there is no man-in-the-middle attack.

fengmao31 commented 1 year ago

I tested the OpenSSL TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 speed again. The client encryption speed is 19-79us. The server decryption speed is 20-48us. The client decryption speed is 19-76us. Most data is between 20-30us.

pabuhler commented 1 year ago

@fengmao31 as I mentioned before, this is not really a libsrtp topic and you are free to send your media over whatever encrypted channel you like. TLS for real-time media is a bad choice due to potential delays, but DTLS is most likely a valid alternative. If you are doing speed comparisons then ensure that you use a libsrtp that is configured to use OpenSSL and the GCM algorithm, and compare against DTLS and not TLS.

fengmao31 commented 1 year ago

OK. thank you.