[Live-devel] TLS over RTSP
Ross Finlayson
finlayson at live555.com
Wed Oct 8 08:33:42 PDT 2014
1/ I think you mean "RTSP over TLS", not "TLS over RTSP".
2/ The "rtsps" URL scheme was defined only for the proposed RTSP 2.0 protocol, which nobody (including us) implements.
3/ If it's only 'man-in-the-middle' attacks that you care about, then regular RTSP (digest) authentication should protect against that. (However, that does not provide any confidentiality of the RTSP or media traffic.)
4/ Note that even if you were to use encryption to provide confidentiality of the RTSP (TCP) traffic, that would nor provide any confidentiality of the media (RTP/RTCP, i.e., UDP) traffic, unless you are tunneling RTP/RTCP-over-TCP (which is something that we discourage, unless you have a firewall that blocks UDP packets.
Nonetheless, if you are using the "LIVE555 Streaming Media" software to implement both the RTSP server and (all of) your RTSP clients, then you can implement RTSP over a TLS connection by setting up - at each end - a TLS connection, and then:
- In each RTSP client, use the (otherwise optional) "socketNumToServer" parameter to "RTSPClient::createNew()" to specify the socket number of the TSL connection.
- In your RTSP server, subclass "RTSPServer", and, in your subclass's constructor, pass the socket number of the TLS connection as the "ourSocket" parameter in your call to the "RTSPServer" constructor.
Ross Finlayson
Live Networks, Inc.
http://www.live555.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.live555.com/pipermail/live-devel/attachments/20141008/a6302c28/attachment-0001.html>
More information about the live-devel
mailing list