riot-android
TURNS (TURN with TLS/DTLS) socket buffer operation error
TURNS doesn't work.
With
turn_uris: [ "turns:domain.tld:5349?transport=udp", "turns:domain.tld:5349?transport=tcp" ]
or
turn_uris: [ "turns:domain.tld:3478?transport=udp", "turns:domain.tld:3478?transport=tcp" ]
turnserver reports an error: session closed ... reason: TLS/TCP socket buffer operation error (callback)
riot-web works fine, testssl.sh domain.tld:5349 and testssl.sh domain.tld:3478 also show no errors.
I had the same problem, I am using a free certificate (Let's Encrypt)
No problem here. But I am using my own TURN server.
You'd like to say you're using ssl'ed turn without any issues?
@root562 yeah, I am also using my own TURN server. When I use non-SSL mode (turn:yourdomain), it can be used, but SSL mode (turns:yourdomain) will report an error
No SSL on my TURN. My Turn server is only accessible by VPN.
No SSL on my TURN. My Turn server is only accessible by VPN.
So, what is the reason to reply that you have no problem if you don't even use TURNS?
I'm also seeing this with coturn 4.5.0.7-1ubuntu2.18.04. This is with riot 0.9.8 on Android 9.
I had no-tlsv1 and no-tlsv1_1 set in turnserver.conf but even after disabling those (thinking maybe the Android client only supports TLS 1.1) the issue remained. I'm using a very compatible cipher-list.
Can confirm it works flawlessly without TLS and that Nextcloud Talk works with the same coturn server using TLS.
Exact same issue here: (D)TLS does not work, only unencrypted communication works.
I am running coturn 4.5.1.1 from Debian and riot-android 0.9.9 on Android 9. Any workaround to have DTLS working? Any news from the developers?
Same problem for me. DTLS does not work. Only unencrypted. Debian Buster, coturn-4.5.1.1, matrix-synapse 1.7.3
On riot-web I've got the same error but still, the voice is working ...
I can confirm the same issue on riot android when using coturn with SSL. Unencrypted works fine. Do we know if this is on anyone's radar to fix?
I had the same problem on a Debian Buster system … My advice: double check the certificates on the coturn server (are they really valid?) and the paths to the certificates specified in turnserver.conf, make them accessible by the user running coturn.
Same problem here. The Android Riot app does not seem to be trusting the LetsEncrypt certificate. The coturn server is offering LetsEncrypt's fullchain.pem but Android's Riot.im is failing with TLS Alert "Unknown CA" when trying to contact the turns server.
It works fine through the Linux (riot-web) client.
Can any developer shed some light on which certificate store is used on the Android app to trigger the turns connection?
I have an SSL cert from a CA other than LetsEncrypt's, and SSL and the TURN server don't work properly with the iOS and web clients. As a workaround I've temporarily disabled SSL with these parameters in turnserver.conf:
no-sslv3 no-tlsv1 no-tlsv1_1 no-tlsv1_2
And it works perfectly with audio and audio/video one-to-one via the Riot client.
@djrzulf do you also get an Unknown CA TLS Alert in the packet dump? If so, which CA is your cert signed by?
Same problem here, using coturn with jitsi. Does it have something to do with the CA-file option?
Same problem here:
origin <>, local 127.0.0.1:4445, remote 127.0.0.1:38116, reason: TLS/TCP socket buffer operation error (callback)
lifetime=0, cipher=TLS_AES_256_GCM_SHA384, method=UNKNOWN
Actually, a still open issue. Have the same problems with coturn & BBB on Debian Buster, TLS ON = error, OFF = working. However, SSL/TLS ON => audio is working!?
I also have the problem, but it also doesn't work for me if I deactivate SSL/TLS in my config. Then it seems the web client connects successfully, but the Android app still fails.
Able to reproduce. Works perfectly with turn:
Very similar to https://github.com/jitsi/jitsi-meet/issues/6383#issuecomment-632659991
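The checks suggested in the thread (certificate paths in turnserver.conf, readability by the coturn user, what the certificate file contains, which protocol flags are set) can be run mechanically. The Python script below is an added example, not code from this thread or from the coturn project. It assumes the certificate and key are configured with coturn's `cert` and `pkey` options and that it is run as the user coturn runs as; the sample paths are constructed placeholders.

```python
import os

TLS_FLAGS = {"no-sslv3", "no-tlsv1", "no-tlsv1_1", "no-tlsv1_2"}  # flags quoted in the thread

def parse_conf(text):
    """Split turnserver.conf text into key=value options and bare flags."""
    options, flags = {}, set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            options[key.strip()] = value.strip().strip('"')
        else:
            flags.add(line)
    return options, flags

def audit(text):
    """Report unusable cert/pkey files, chain length and disabled protocols."""
    options, flags = parse_conf(text)
    report = {"problems": [], "chain_len": 0, "disabled": sorted(flags & TLS_FLAGS)}
    for key in ("cert", "pkey"):
        path = options.get(key)
        if not path:
            report["problems"].append(f"{key}: not set")
        elif not os.path.isfile(path):
            report["problems"].append(f"{key}: {path} is missing")
        elif not os.access(path, os.R_OK):
            report["problems"].append(f"{key}: {path} is not readable by this user")
        elif key == "cert":
            # Number of PEM certificates in the file (leaf plus intermediates).
            with open(path, encoding="ascii", errors="replace") as fh:
                report["chain_len"] = fh.read().count("-----BEGIN CERTIFICATE-----")
    return report

# Constructed sample; the paths are placeholders, not taken from the thread.
SAMPLE = """\
# constructed turnserver.conf fragment
cert=/etc/coturn/example/fullchain.pem
pkey=/etc/coturn/example/privkey.pem
no-tlsv1
no-tlsv1_1
"""

if __name__ == "__main__":
    for name, value in audit(SAMPLE).items():
        print(name, value)
```

A `chain_len` of 1 means the file holds only the leaf certificate; the file read here is what is configured, which is not necessarily what the server sends on the wire.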