sipsorcery-org / sipsorcery

A WebRTC, SIP and VoIP library for C# and .NET. Designed for real-time communications apps.
https://sipsorcery-org.github.io/sipsorcery

DTLS server raised unexpected alert: fatal(2), handshake_failure(40). #1149

Closed SergDev87 closed 6 days ago

SergDev87 commented 3 months ago

Hello community. I'm using sipsorcery to create a WebRTC client that will display a video that is being streamed using aiortc. I have a problem that I can't solve. This is the error “DTLS server raised unexpected alert: fatal(2), handshake_failure(40).” I see that similar problems have already been discussed, but I have not been able to solve this problem myself.

This is how I create an RTCPeerConnection:

            var config = new RTCConfiguration
            {
                iceServers = new List<RTCIceServer>
                {
                    new RTCIceServer { urls = "stun:stun.l.google.com:19302" }
                },
                X_DisableExtendedMasterSecretKey = true
            };

            var peerConnection = new RTCPeerConnection(config);

Client log file:

    [23:01:53 DBG] ICE connection state changed to connected.
    [23:01:53 DBG] Peer connection connected changed to connecting.
    [23:01:53 INF] ICE connected to remote end point хх.ххх.ххх.ххх:57376.
    [23:01:53 DBG] Starting DLS handshake with role passive.
    [23:01:53 DBG] RTCPeerConnection DoDtlsHandshake started.
    [23:01:53 DBG] DTLS commencing handshake as server.
    [23:01:53 WRN] DTLS server raised unexpected alert: fatal(2), handshake_failure(40).
    [23:01:53 WRN] DTLS handshake as server failed. handshake_failure(40)
    Org.BouncyCastle.Crypto.Tls.TlsFatalAlert: handshakefailure(40)
       at Org.BouncyCastle.Crypto.Tls.DtlsServerProtocol.Accept(TlsServer server, DatagramTransport transport) in //crypto/src/crypto/tls/DtlsServerProtocol.cs:line 59
       at SIPSorcery.Net.DtlsSrtpTransport.DoHandshakeAsServer(String& handshakeError)
    [23:01:53 WRN] RTCPeerConnection DTLS handshake failed with error handshake_failure(40).
    [23:01:53 DBG] Peer connection closed with reason dtls handshake failed.
    [23:01:53 DBG] RtpIceChannel for [::]:51866 closed.
    [23:01:53 DBG] RTPChannel closing, RTP receiver on port 51866. Reason: dtls handshake failed.
    [23:01:53 DBG] Peer connection connected changed to closed.
    [23:01:53 DBG] Peer connection connected changed to failed.

I would be grateful for any help. Thank you.

SergDev87 commented 3 months ago

Set up certificates on the server and client side. But the error remained.

sipsorcery commented 6 days ago

I've just completed some improvements on DTLS certificates and DTLS cipher suite selection in #1201.

The failure in your logs was typical of the case where the client only supported ECDSA. Up until the improvements above, this library only supported RSA, meaning there was no compatible cipher suite for the DTLS handshake. Should be good now.
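
The mismatch described in the last comment, as an added example that is not part of the thread or of sipsorcery's code: a Python check that reads the cipher suites out of a DTLS ClientHello and lists the ones a server could authenticate with the certificate key types it holds. The function names, the subset of IANA suite IDs in the table and the sample ClientHello are constructed for illustration, and the parser assumes an unfragmented ClientHello carried in a single datagram.

```python
import struct

# IANA cipher suite IDs mapped to the certificate key type the server must hold.
SUITE_AUTH = {
    0xC02B: "ECDSA",  # TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    0xC02C: "ECDSA",  # TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    0xCCA9: "ECDSA",  # TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
    0xC009: "ECDSA",  # TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    0xC02F: "RSA",    # TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    0xC030: "RSA",    # TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    0xCCA8: "RSA",    # TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
    0xC013: "RSA",    # TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
}

def offered_suites(datagram: bytes) -> list:
    """Cipher suite IDs from one unfragmented DTLS ClientHello datagram."""
    try:
        # Record header: type(1) version(2) epoch(2) seq(6) length(2) = 13 bytes.
        ctype, rec_len = struct.unpack_from("!B10xH", datagram)
        body = datagram[13:13 + rec_len]
        if ctype != 22 or len(body) != rec_len or body[0] != 1:
            raise ValueError("not a complete DTLS ClientHello record")
        pos = 12 + 2 + 32          # handshake header, client_version, random
        pos += 1 + body[pos]       # session_id
        pos += 1 + body[pos]       # cookie (DTLS only)
        (n,) = struct.unpack_from("!H", body, pos)
        raw = body[pos + 2:pos + 2 + n]
        if n % 2 or len(raw) != n:
            raise ValueError("truncated cipher_suites")
    except (IndexError, struct.error) as exc:
        raise ValueError("malformed ClientHello") from exc
    return [s for (s,) in struct.iter_unpack("!H", raw)]

def usable_suites(datagram: bytes, server_key_types: set) -> list:
    """Offered suites the server can authenticate; empty means handshake_failure(40)."""
    return [s for s in offered_suites(datagram) if SUITE_AUTH.get(s) in server_key_types]

def build_client_hello(suites: list) -> bytes:
    """Constructed sample: minimal DTLS 1.2 ClientHello, no cookie or extensions."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    hello = b"\xfe\xfd" + bytes(32) + b"\x00\x00" + struct.pack("!H", len(cs)) + cs + b"\x01\x00"
    n = len(hello).to_bytes(3, "big")
    hs = b"\x01" + n + bytes(5) + n + hello  # type, length, message_seq, frag offset, frag length
    return b"\x16\xfe\xfd" + bytes(8) + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    ecdsa_only = build_client_hello([0xC02B, 0xC02C, 0xCCA9])  # constructed offer
    print("RSA-only server:", usable_suites(ecdsa_only, {"RSA"}))
    print("RSA+ECDSA server:", [hex(s) for s in usable_suites(ecdsa_only, {"RSA", "ECDSA"})])
```

Run against the first datagram of a captured handshake, an empty result for the server's key types points to the certificate and cipher suite mismatch rather than to ICE or SDP.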