[Live-devel] FYI: We now support optional server streaming using SRTP (with TLS being used for the RTSP connection)
Ross Finlayson
finlayson at live555.com
Tue Jul 19 16:23:35 PDT 2022
I have already mentioned this a little, but until now had not yet fully reported it.
The “LIVE555 Streaming Media” code now supports (optional) server streaming via SRTP (i.e., ‘secure (encrypted) RTP’). (*Client* support for SRTP has existed for more than a year.)
To configure a RTSP server to stream via SRTP, you must (before accepting connections on the server) call “setTLSState()” to configure it to accept connections via TLS. I.e., call:
rtspServer->setTLSState(certFileName, privKeyFileName, weServeSRTP, weEncryptSRTP);
(see “liveMedia/include/RTSPServer.hh”)
where:
- “certFileName” is the (path) name of your TLS certificate file.
- “privKeyFileName” is the (path) name of your TLS private key file.
- “weServeSRTP” (default value: True) says whether you want SRTP. (If this is False, then the RTSP server will use TLS, but not SRTP.)
- “weEncryptSRTP” (default value: True) is used only if “weServeSRTP” is True. (If this is False, then the RTSP server will send SRTP/SRTCP packets, but with ’null’ encryption.)
You can see an example (#ifdef’d) of this call in “testProgs/testOnDemandRTSPServer.cpp” - the code for the unicast RTSP server demo application “testOnDemandRTSPServer”. (However, this should also work if your server is using a "PassiveServerMediaSubsession” object, to stream via multicast.)
Also, if you also configure a port number for streaming RTSP/RTP/RTCP-over-HTTP - by calling “setUpTunnelingOverHTTP()” - then the server will use HTTPS, rather than regular HTTP, on this port.
(Of course, all of this requires OpenSSL, so will *not* work if you’re compiling with “-DNO_OPENSSL=1”.)
Many thanks to Thales Group for sponsoring this work.
Ross Finlayson
Live Networks, Inc.
http://www.live555.com/
More information about the live-devel
mailing list