Jvb on port 80 with TCP_HARVESTER_SSLTCP off

Hi,

I’ve configured JVB to work with port 80 using:
org.jitsi.videobridge.TCP_HARVESTER_MAPPED_PORT=80

my firewall blocked the connection, but then I’ve added:
org.jitsi.videobridge.TCP_HARVESTER_SSLTCP=false

and then my firewall didn’t block me anymore…

trying to avoid TURN servers, is it possible that I’ve found a loophole?? :sweat_smile:

what am I missing? why is this scenario not recommended?

1 Like

The ssltcp is a pseudo ssl over the tcp connection, which some firewalls doing packet inspections detect and drop as it is not real ssl.
That’s why turnserver with a publicly trusted certificate is recommended.
Also we have been seeing bad performance of the TCP harvesters.

Hi @damencho, 10x for replying!!

I guess “pseudo ssl over the tcp” makes sense when working with port 443…

But what about port 80? did you have FW issues with it?

Regarding performance, it seems like browsers prefer UDP, so TCP should be only as a fallback… am i wrong?

Correct, TCP should be fallback.

No idea.

guess i’ll found out the hardway :slight_smile:

i wonder if a TURN server on port 80 without certificate will work well…