We are using Jitsi as a pilot in an iframe integration. Everything worked fine until now. But now we got the legal requirement that our conferences have to be end-to-end encrypted.
I have implemented a direct activation of e2ee, after the room is joined, which is working fine, but we are facing some issues on Safari browsers. We know that enableEncodedTransformSupport is experimental, but unfortunately it is somehow a dealbreaker for our management that we have to exclude iOS devices completely, since the native SDK does not include e2ee either. The restriction that we only support iOS 15.4+ devices was discussable, since there are now other technical possibilities.
So the issues we have with enableEncodedTransformSupport are the following:
The audio stream seems to work fine, but the video stream is only visible in p2p, and even then, veeery laggy (more frozen frames than moving ones) and often it just disables the video stream because of bandwidth.
Is there something that can be configured to improve the performance somehow? Or can someone explain why the performance is so bad in this case?
TBH I only did some lightweight testing on desktop Safari, not iOS. I’m not sure how they handle the insertable streams part, if it needs to touch the main thread that would explain what you see, but that’d be surprising.
Regarding video, what codecs were you using? The current implementation is really only suitable for VP8.
Thanks for the info. I looked into our configs and noticed a mistake there, so that the preferredCodec is not set properly, so it's using the default. We will change it to VP8 and check again. I have no access to the server unfortunately, so I have to wait for the change.
BTW, the same issue appeared in desktop Safari as well.
Just an additional question: do you have an idea when the e2ee in the native SDKs will be in a testable state somehow, and is there a possibility to provide help in the development there? The native application would also be a possibility to provide the e2ee conferences for older iOS devices, which would be really great for us.
Okay, then I guess it will not be a configuration issue here, but somehow an incompatibility with Safari currently. Our QA also tested it and faced the same issues as I did: Safari video is not working at all in our conferences. I guess since this feature is experimental it will not get so much focus, right?
But they had another issue, which I didn’t have in my own testing: they faced some issues in the e2ee with Chromium browsers as well. Sometimes the key rotation seemed not to work properly, and some connections seemed to have the wrong key then, so we had the encrypted video and audio in some streams. It happened most of the time when another user joined or left, so I assume it's because of the rotation, but one time suddenly inside the call without a join/leave event happening. Are we the only ones facing these issues?
If yes, what could be the issue? Unfortunately we are using Zscaler in our company network, so we are facing a lot of restrictions regarding ports etc. But our customers have similar issues, so we need to fix it somehow.
Btw in this example picture not everyone saw this participant encrypted, some could decrypt the stream properly, it seemed somehow that the new key was not distributed to all participants, but some.
Am I right that the OLM sessions are p2p connections to each participant? What happens if the peer connection drops inside the call because of network issues, or when the connection could not be established because of blocked ports? Is there also a TURN server involved then? And what happens if even the ports for the TURN servers are blocked? And which TURN servers are used for this? Is it the config p2p.stunServers? I see that we only have the STUN protocol in there. Could this somehow explain the issue?
If nothing else helps, would the managed e2ee key mode be a way to prevent these kinds of issues? (There are 2 commands in the external_api somehow, setMediaEncryptionKey and e2eeKey.) I would not like to go this way, but for now I have to find a solution.
Sorry for that much questioning; currently the Jitsi e2ee topic is gaining a lot of attention in the company, and so is the time pressure.
I implemented the e2ee now with the managed key mode with my own key distribution, which works fine now, but I would like to know when this bug is fixed, so I can switch to OLM again. Is there an open GitHub issue for this? I just found "Participants joining a call get assigned a different / wrong encryption key · Issue #11556 · jitsi/jitsi-meet · GitHub" somehow; is this the one for this known race condition?
Is there also a possibility to gain the focus on the Safari implementation somehow? Since iOS 15.4 the functionality is available by default on Safari and WebKit, so it would be nice to enable this for users. Just as information, the audio stream works fine; for iOS users we currently limit the usage to sendAudio only.
Should a GitHub issue be opened for this?