[jitsi-dev] dtls handshake error message in jitsimeet


#1

Hi all,

I've been using latest jitsi-meet (nightly debian packages) following the
quick install guide.

I'm looking through the debug logs in jvb and I see this message:

WARNING: [449883]
org.jitsi.impl.neomedia.transform.dtls.DatagramTransportImpl.warn() Unknown
DTLS handshake message type: 55

What exactly does this mean? it seems to me that the dtls handshake is
failing which I imagine would mean a security issue. IIRC DTLS-SRTP should
check the fingerprints of the certs to make sure there is no MiTM.

So does this error message point to a MiTM? How does jitsi-meet check the
fingerprints to make sure there's no funny business going on? What parts of
the code should I be looking at for this?)

Cheers,
Peter


#2

Hey Peter,

We actually have an open ticket for investigating this. We do see the error
every now and then but we have yet to uncover the reason.

Emil

···

On Tuesday, 3 May 2016, Peter Villeneuve <petervnv1@gmail.com> wrote:

Hi all,

I've been using latest jitsi-meet (nightly debian packages) following the
quick install guide.

I'm looking through the debug logs in jvb and I see this message:

WARNING: [449883]
org.jitsi.impl.neomedia.transform.dtls.DatagramTransportImpl.warn() Unknown
DTLS handshake message type: 55

What exactly does this mean? it seems to me that the dtls handshake is
failing which I imagine would mean a security issue. IIRC DTLS-SRTP should
check the fingerprints of the certs to make sure there is no MiTM.

So does this error message point to a MiTM? How does jitsi-meet check the
fingerprints to make sure there's no funny business going on? What parts of
the code should I be looking at for this?)

Cheers,
Peter

--
sent from my mobile


#3

Also, if I correctly understand what Lyubomir told me about this, it doesn't cause any problems apart from some DTLS data being split into multiple UDP packets, while it could be sent in just one.

Boris

···

On 07/05/16 08:52, Emil Ivov wrote:

Hey Peter,

We actually have an open ticket for investigating this. We do see the
error every now and then but we have yet to uncover the reason.