Add support for retrieving negotiated SRTP profile #1278

Closed
jlaine opened this issue Jan 10, 2024 · 4 comments

jlaine (Contributor) commented Jan 10, 2024

The aiortc project uses pyOpenSSL to perform a DTLS handshake and export SRTP keying material. Currently, we only enable a single SRTP profile using `ctx.set_tlsext_use_srtp(b"SRTP_AES128_CM_SHA1_80")`, but we would like to start enabling GCM profiles (aiortc/aiortc#1012).

Enabling multiple SRTP profiles means that when the handshake completes, we need to know which SRTP profile was selected, for which OpenSSL provides SSL_get_selected_srtp_profile:

https://www.openssl.org/docs/man3.0/man3/SSL_get_selected_srtp_profile.html

This function is present in cryptography's bindings, so I would like to add a Connection.get_selected_srtp_profile method to wrap it, and return bytes:

  • empty if no SRTP profile was negotiated - or should this be None?
  • the name of the SRTP profile if one was negotiated

Using bytes as the return value makes the API consistent with Context.set_tlsext_use_srtp.

I'm happy to submit a PR if this sounds acceptable.
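
As an added illustration (not part of the original issue, nor code from pyOpenSSL or aiortc): once several profiles are offered, the negotiated name decides how much keying material to export and how to split it. The helper names are hypothetical, the `profile` argument follows the bytes convention proposed above with an empty value meaning no profile, and the key and salt lengths are taken from RFC 5764 and RFC 7714.

```python
# Added example; SrtpKeys, SRTP_PROFILES and both functions are hypothetical names.
from typing import NamedTuple


class SrtpKeys(NamedTuple):
    client_key: bytes
    server_key: bytes
    client_salt: bytes
    server_salt: bytes


# (master key length, master salt length) in bytes for each OpenSSL profile name:
# RFC 5764 for the AES-CM profile, RFC 7714 for the AEAD (GCM) profiles.
SRTP_PROFILES = {
    b"SRTP_AES128_CM_SHA1_80": (16, 14),
    b"SRTP_AEAD_AES_128_GCM": (16, 12),
    b"SRTP_AEAD_AES_256_GCM": (32, 12),
}


def keying_material_length(profile: bytes) -> int:
    """Number of bytes to request from the DTLS exporter for this profile."""
    if not profile:
        # Empty value: no SRTP profile was negotiated, so fail closed.
        raise ValueError("no SRTP profile was negotiated")
    if profile not in SRTP_PROFILES:
        # The peer selected something this endpoint never offered or cannot use.
        raise ValueError(f"unexpected SRTP profile: {profile!r}")
    key_len, salt_len = SRTP_PROFILES[profile]
    return 2 * (key_len + salt_len)


def split_keying_material(profile: bytes, material: bytes) -> SrtpKeys:
    """Split exporter output in RFC 5764 order: both keys, then both salts."""
    if len(material) != keying_material_length(profile):
        raise ValueError("keying material length does not match profile")
    key_len, salt_len = SRTP_PROFILES[profile]
    keys_end = 2 * key_len
    return SrtpKeys(
        client_key=material[:key_len],
        server_key=material[key_len:keys_end],
        client_salt=material[keys_end:keys_end + salt_len],
        server_salt=material[keys_end + salt_len:],
    )


# Constructed stand-in for exporter output (not real key material).
SAMPLE = bytes(range(88))
```
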

jlaine added a commit to jlaine/pyopenssl that referenced this issue Jan 10, 2024
If an SRTP profile was negotiated as part of the handshake, make it
possible to retrieve the name of the profile. This is needed to
determine which of the profiles offered using `Context.set_tlsext_use_srtp`
was actually selected.
mhils pushed a commit that referenced this issue Jan 10, 2024
If an SRTP profile was negotiated as part of the handshake, make it
possible to retrieve the name of the profile. This is needed to
determine which of the profiles offered using `Context.set_tlsext_use_srtp`
was actually selected.
mhils closed this as completed Jan 10, 2024

jlaine (Contributor, Author) commented Jan 11, 2024

I think I borked the change log, I added my change at the bottom of what I assumed was the "latest" code but it looks as though I added it to an existing release!!

alex (Member) commented Jan 11, 2024

Ooops, if you can send a cleanup PR moving it to the right place, that'd be great.

jlaine (Contributor, Author) commented Jan 11, 2024

> Ooops, if you can send a cleanup PR moving it to the right place, that'd be great.

Sure, what's the usual phrasing for the "next release" section?

alex (Member) commented Jan 12, 2024

It'll be 24.0.0 (UNRELEASED) because calver. See 5ba8ce1 for what the last bump looked like.

github-actions bot locked as resolved and limited conversation to collaborators Apr 12, 2024