[jitsi-dev] [jitsi/jitsi-videobridge] Chrome 55.0.2860.0 canary doesn't connect (#311)


#1

I never get the iceConnectionState = connected event when using Chrome dev channel 55.0.2860.0

WebRTC Internals show that Chrome is sending bytes to Jitsi but Jitsi never sends a byte back: bytesReceived 0

It works fine with Chrome 53.

Any idea?

···

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/jitsi/jitsi-videobridge/issues/311


#2

<img width="914" alt="screen shot 2016-09-14 at 6 03 42 pm" src="https://cloud.githubusercontent.com/assets/7404393/18535030/a35945ba-7aa5-11e6-8801-492117150264.png">

···

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/jitsi/jitsi-videobridge/issues/311#issuecomment-247203745


#3

A quick glance, shows, that JVB has an issue with receiving DTLS from new chrome. It keep it sending with no server hello, and on the server side there are errors in JVB log, i did wireshark trace, and compared Client Hello packets from 53 and 55. The only difference is in signature_algorithms. Attaching full log, of broken call, and print screen of DTLS client hello packets form both chromes.
![jvb dtls issue](https://cloud.githubusercontent.com/assets/4701803/18565891/4a3ca0b2-7b9a-11e6-944e-95f1f251d4cc.png)
[JVB_DTLS_broken.txt](https://github.com/jitsi/jitsi-videobridge/files/475496/JVB_DTLS_broken.txt)

···

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/jitsi/jitsi-videobridge/issues/311#issuecomment-247441481


#4

Looks like Chrome 55 removed SHA-1.

···

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/jitsi/jitsi-videobridge/issues/311#issuecomment-247452549


#5

So far the roots are here https://github.com/bcgit/bc-java/blob/master/core/src/main/java/org/bouncycastle/crypto/tls/SignatureAndHashAlgorithm.java#L31. But this is far beyond, of my competition.

···

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/jitsi/jitsi-videobridge/issues/311#issuecomment-247462179


#6

Just dig for the reason why jitsi-meet is not suffering from this, and did find out that you mangle sdp answer a=setup:active to a=setup:passive, this leads to JVB sends a client hello packet, not the client, and this issue happens when a client is active, so client sends DTLS client hello to JVB.

···

--
You are receiving this because you commented.
Reply to this email directly or view it on GitHub:
https://github.com/jitsi/jitsi-videobridge/issues/311#issuecomment-247477401


#7

This leads me to additional thoughts, that if your bridge is acting as setup:active then on focus level you should signal channel initiator to be false, as per this http://www.xmpp.org/extensions/inbox/colibri.html. Then, I wonder how did you not yet faced https://github.com/jitsi/jitsi-videobridge/issues/279.

···

--
You are receiving this because you commented.
Reply to this email directly or view it on GitHub:
https://github.com/jitsi/jitsi-videobridge/issues/311#issuecomment-247479968


#8

Wanted to add what appears to be a relevant WebRTC issue: https://bugs.chromium.org/p/webrtc/issues/detail?id=6342

The issue "Chrome 55 dev includes RFC violation in DTLS" notes Bouncy Castle incompatibility specifically.

···

--
You are receiving this because you commented.
Reply to this email directly or view it on GitHub:
https://github.com/jitsi/jitsi-videobridge/issues/311#issuecomment-247628877


#9

Small update for those following this issue:

The Chromium team merged in some changes to BoringSSL to resolve this issue. Should land in Canary here shortly.

At root were changes in BoringSSL for TLS 1.3 that caused problems negotiating with BouncyCastle.

···

--
You are receiving this because you commented.
Reply to this email directly or view it on GitHub:
https://github.com/jitsi/jitsi-videobridge/issues/311#issuecomment-248743147


#10

The Chromium updates have rolled out and I can confirm that things are working as expected again with Chrome 55.

I think this issue should be ok to close now @Stefan1oo ?

···

--
You are receiving this because you commented.
Reply to this email directly or view it on GitHub:
https://github.com/jitsi/jitsi-videobridge/issues/311#issuecomment-249251044


#11

Closed #311.

···

--
You are receiving this because you commented.
Reply to this email directly or view it on GitHub:
https://github.com/jitsi/jitsi-videobridge/issues/311#event-800747232


#12

We saw this too but notice meet.jit.si doesn't seem to suffer from it. Our
libjitsi/jitsi-videobridge versions are a bit old at this point...is this
something that was fixed recently?

···

On Thu, Sep 15, 2016 at 2:34 PM, sarumjanuch <notifications@github.com> wrote:

So far the roots are here https://github.com/bcgit/bc-
java/blob/master/core/src/main/java/org/bouncycastle/crypto/tls/
SignatureAndHashAlgorithm.java#L31. But this is far beyond, of my
competition.


You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<https://github.com/jitsi/jitsi-videobridge/issues/311#issuecomment-247462179>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AER2Y_6izOUnKK4rJxiOvrFlSUT86QJVks5qqboCgaJpZM4J9ZXQ>
.

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev