[Live-devel] RTSP over SSL
Warren Young
warren at etr-usa.com
Mon Nov 28 12:54:23 PST 2016
On Nov 25, 2016, at 2:49 AM, Robin Swoboda <robin.swoboda at mobotix.com> wrote:
>
> So could it be an option to implement send and receive callbacks into live555 that we could use an own HTTPS client that performs the encryption
If you’re using RTSP *and* RTP over HTTPS, you don’t need to modify Live555, for the server side at least. Just set up an HTTPS reverse proxy, such as nginx or Apache with mod_proxy.
There are many guides on the internet for doing this, as Live555 is hardly the only HTTP-speaking app that doesn’t speak HTTPS.
Some people also like stunnel for this, but I have no experience with it.
As for the client side, I assume you could do much the same with a local proxy that listens on localhost: your client app connects to a hidden localhost port which causes the local HTTPS-aware proxy to go out and talk to the RTSP server over HTTPS, then provide the answer data over HTTP.
If you want RTSP over HTTP but RTP over UDP, there are DTLS proxies which can give this benefit:
https://en.wikipedia.org/wiki/Datagram_Transport_Layer_Security
https://duckduckgo.com/?q=dtls+proxy&ia=software
The bottom line is that TLS (and DTLS) is complicated enough that you wouldn’t want Live555 to implement it anyway. Not to knock on our benefactor, but it would almost certainly have some serious weakness, because implementing TLS correctly is nearly a full-time job these days. Leave TLS to the projects dedicated to doing it right.
More information about the live-devel
mailing list