hushuitian / rfc5766-turn-server

Automatically exported from code.google.com/p/rfc5766-turn-server
0 stars 0 forks source link

authentication with TLS followed by unencrypted relaying data #135

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
I want to use authentication with TLS for securing credentials but not encrypt 
data when relaying, I think this has to be possible with TURN server but after 
research couldn't find any solution.

Original issue reported on code.google.com by Jbarami...@gmail.com on 28 Aug 2014 at 6:45

GoogleCodeExporter commented 9 years ago
This is not possible, according to the TURN specs. We are not doing anything 
that is against the specs.

Original comment by mom040...@gmail.com on 28 Aug 2014 at 6:58

GoogleCodeExporter commented 9 years ago
Thanks for response.
Is it possible with coturn server?

Original comment by Jbarami...@gmail.com on 28 Aug 2014 at 8:29

GoogleCodeExporter commented 9 years ago
No, the same is true for coturn.

Original comment by mom040...@gmail.com on 28 Aug 2014 at 2:26

GoogleCodeExporter commented 9 years ago
but coturn supports RFC 6062, which supports having different connections for 
relaying data and TURN messaging. So if I do TLS negotiation on control 
connection and then create new connection for relaying data it will also be 
encrypted even if I don't start TLS there?

Thanks.

Original comment by Jbarami...@gmail.com on 28 Aug 2014 at 3:33

GoogleCodeExporter commented 9 years ago
The relaying connection in the beginning still has a negotiation dialog with 
the same credentials. So if you are using a "plain" relaying connection then 
you are revealing the credentials that you were trying to hide in the control 
connection. So it makes no sense.

Original comment by mom040...@gmail.com on 28 Aug 2014 at 4:29