[jitsi-users] ice4j support for TURN over TLS?


#1

I notice it is possible to add a TurnCandidateHarvester with the TLS
Transport, e.g.

  iceAgent.addCandidateHarvester(
     new TurnCandidateHarvester(
        new TransportAddress(server, port, Transport.TLS)
     )
  );

However, is Transport.TLS support implemented in ice4j?

If not, is Transport.TCP support implemented and could it be used as a
base for TLS support?

If TLS is supported, how does it resolve the server argument in
TransportAddress? Should the resolution of NAPTR and SRV records occur
within IceAgent, ignoring the port argument supplied by the user?

Or should the user of the IceAgent class be doing the NAPTR and SRV
resolution and then calling addCandidateHarvester multiple times, once
for each TransportAddress it discovered?

In the latter scenario, the API would need to be changed so that the
user of the IceAgent can specify the manually configured "host" value
that it used in NAPTR and SRV resolution, as that is the value that
needs to be matched in the certificate received from the server, as
specified here:

https://tools.ietf.org/html/rfc5928#section-5