[Live-devel] LIVE555- RTSP Server

Ross Finlayson finlayson at live555.com
Tue Sep 5 10:48:01 PDT 2017 

> The matter is in germany you need for a good product a very high level on security. That means we need a solution for live555 server to learn SSL.
> Is there a possibility to do that? We use at this time in development the "testOnDemandRTSPServer". On your documentation you say 'no' because live555 is only a lightwight streamer.

I don’t think we say that, specifically.

But, in any case, it’s not clear exactly what you’re asking for.

It's important to understand how the IETF-standard RTSP protocol (and thus, our “LIVE555 Media Server”, which implements this protocol) works.  RTSP uses a TCP channel for control.  RTSP commands (to the server) and responses (from the server) are sent over this TCP channel. Note that you can easily add authentication to our server implementation, so that only authorized clients (with a username, password) can access a stream.  Note the code bracketed with
	#ifdef ACCESS_CONTROL
	#endif
in “testOnDemandRTSPServer.cpp”.  Note that RTSP’s ‘digest’ authentication mechanism (as implemented by our server) does *not* involve passwords being sent ‘in the clear’ over the TCP channel.  Even if someone were to observe the TCP channel, they could not learn passwords.

Some people have asked for the RTSP control channel to be a SSL channel, rather than a standard TCP channel - even though (as explained above) that is not necessary for authentication.  (It might prevent some ‘man in the middle’ attacks, however.)  Unfortunately, that is not possible in our current implementation, because sending/receiving data over a SSL channel uses completely different operations than sending/receiving data over a standard TCP channel. 

In any case, audio/video data streamed from the server is not (in most cases) sent over the RTSP’s control (i.e., TCP) connection.  Instead, this data is streamed as RTP packets (over UDP), which are not encrypted.  (An updated version (RTSP 2.0) of the RTSP protocol did add support for SRTP (encrypted RTP packets), but nobody - including us - implements this.)


Ross Finlayson
Live Networks, Inc.
http://www.live555.com/

More information about the live-devel mailing list