On 16/09/2024 05.57, Daniel Donoghue via sr-users wrote:
> I will look more closely at keydb (thanks for the heads-up) but will
> that work with encrypted media? My understanding was that another
> rtpengine could not reliably take over an encrypted session as there
> is no mechanism for sharing the DTLS handshake/connection.

DTLS is indeed a problem as the state of a DTLS connection cannot be
serialised and restored after a restart or on a different node. The SRTP
flow itself should be able to be restored or migrated to another node,
as the SRTP keys are extracted from the DTLS connection after the
handshake completes, and so the DTLS connection itself isn't required to
be intact for SRTP to flow. However, if the remote peer decides to do
subsequent DTLS handshakes or a rekeying etc, then things would start
breaking. What exactly would happen in such a case is probably
implementation dependent.
Cheers
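
The point in the reply above, that the SRTP keys are plain bytes once the handshake has completed, shown as an added example that is not part of the original message and is not rtpengine's code. It assumes DTLS 1.2 with the SHA-256 PRF and the SRTP_AES128_CM_HMAC_SHA1_80 profile; the function names, the JSON record layout and the handshake values are hypothetical or constructed.

```python
import hashlib
import hmac
import json

LABEL = b"EXTRACTOR-dtls_srtp"   # exporter label defined in RFC 5764
KEY_LEN, SALT_LEN = 16, 14       # master key / salt sizes for the assumed profile


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF (P_SHA256, RFC 5246 section 5), used by RFC 5705 exporters."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def export_srtp_keys(master_secret: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Split the exported keying material in the order RFC 5764 section 4.2 defines."""
    okm = tls12_prf(master_secret, LABEL, client_random + server_random,
                    2 * (KEY_LEN + SALT_LEN))
    ck, sk = okm[:KEY_LEN], okm[KEY_LEN:2 * KEY_LEN]
    cs = okm[2 * KEY_LEN:2 * KEY_LEN + SALT_LEN]
    ss = okm[2 * KEY_LEN + SALT_LEN:]
    return {"client_key": ck, "client_salt": cs, "server_key": sk, "server_salt": ss}


def serialise(keys: dict, ssrc: int, roc: int) -> str:
    """Hypothetical record one node could store for another node to pick up."""
    rec = {k: v.hex() for k, v in keys.items()}
    rec.update(ssrc=ssrc, roc=roc)  # SRTP also needs the SSRC and rollover counter
    return json.dumps(rec, sort_keys=True)


def restore(blob: str) -> dict:
    """Rebuild the key material on the node taking over the stream."""
    rec = json.loads(blob)
    return {k: bytes.fromhex(v) if isinstance(v, str) else v for k, v in rec.items()}


if __name__ == "__main__":
    # Constructed handshake values, not taken from a real session.
    ms, cr, sr = bytes(range(48)), b"\x01" * 32, b"\x02" * 32
    print(serialise(export_srtp_keys(ms, cr, sr), ssrc=0x1234ABCD, roc=0))
```

The record holds live master keys, so the store that carries it needs the same protection as the keys themselves. If the peer performs a new handshake or rekeys, the keying material changes and the restored record no longer matches.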