[openssl-users] Trying to understand DTLS (as it applies to webrtc)

faraz khan farazrkhan at gmail.com
Fri May 1 01:11:26 UTC 2015

Hi everyone,
This is my first time posting to this list - so if theres a better place
for this question please let me know.

The problem I'm trying to fix applies to the Janus webrtc gateway (
https://github.com/meetecho/janus-gateway) and my application which is
using native C++ webrtc.

What happens is that after hundreds of successful connections, sometimes
the Janus server is unable to negotiate a DTLS handshake and after a key
exchange the webrtc client replied with a DTLS Alert: Decrypt failed
message. I'm attaching a wireshark trace of the issue happening and one for
the correct negotiation.

The problem refuses to fix itself till Janus is restarted.

Both installations are using Openssl. Janus is compiled with version 1.0.1f

If someone can help explain how DTLS key exchange works and whats going
wrong in the above trace it would be great! I'm completely at a loss as far
as this is concerned!

Thanks all!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150501/e38be86d/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: WebrtcDTLSNegotation.pcapng
Type: application/octet-stream
Size: 7272 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150501/e38be86d/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: janusbaddtlsnegotiation.pcapng
Type: application/octet-stream
Size: 39736 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150501/e38be86d/attachment-0003.obj>

More information about the openssl-users mailing list