[jitsi-dev] [jitsi/jitsi-videobridge] Chrome 55.0.2860.0 canary doesn't connect (#311)

I never get the iceConnectionState = connected event when using Chrome dev channel 55.0.2860.0

WebRTC Internals show that Chrome is sending bytes to Jitsi but Jitsi never sends a byte back: bytesReceived 0

It works fine with Chrome 53.

Any idea?

<img width="914" alt="screen shot 2016-09-14 at 6 03 42 pm" src="https://cloud.githubusercontent.com/assets/7404393/18535030/a35945ba-7aa5-11e6-8801-492117150264.png">

A quick glance, shows, that JVB has an issue with receiving DTLS from new chrome. It keep it sending with no server hello, and on the server side there are errors in JVB log, i did wireshark trace, and compared Client Hello packets from 53 and 55. The only difference is in signature_algorithms. Attaching full log, of broken call, and print screen of DTLS client hello packets form both chromes.
[JVB_DTLS_broken.txt](https://github.com/jitsi/jitsi-videobridge/files/475496/JVB_DTLS_broken.txt)

Looks like Chrome 55 removed SHA-1.

So far the roots are here https://github.com/bcgit/bc-java/blob/master/core/src/main/java/org/bouncycastle/crypto/tls/SignatureAndHashAlgorithm.java#L31. But this is far beyond, of my competition.

Just dig for the reason why jitsi-meet is not suffering from this, and did find out that you mangle sdp answer a=setup:active to a=setup:passive, this leads to JVB sends a client hello packet, not the client, and this issue happens when a client is active, so client sends DTLS client hello to JVB.

This leads me to additional thoughts, that if your bridge is acting as setup:active then on focus level you should signal channel initiator to be false, as per this http://www.xmpp.org/extensions/inbox/colibri.html. Then, I wonder how did you not yet faced https://github.com/jitsi/jitsi-videobridge/issues/279.

Wanted to add what appears to be a relevant WebRTC issue: https://bugs.chromium.org/p/webrtc/issues/detail?id=6342

The issue "Chrome 55 dev includes RFC violation in DTLS" notes Bouncy Castle incompatibility specifically.

Small update for those following this issue:

The Chromium team merged in some changes to BoringSSL to resolve this issue. Should land in Canary here shortly.

At root were changes in BoringSSL for TLS 1.3 that caused problems negotiating with BouncyCastle.

The Chromium updates have rolled out and I can confirm that things are working as expected again with Chrome 55.

I think this issue should be ok to close now @Stefan1oo ?

Closed #311.

We saw this too but notice meet.jit.si doesn't seem to suffer from it. Our
libjitsi/jitsi-videobridge versions are a bit old at this point...is this
something that was fixed recently?