Bug 214402

Summary: Support AES GCM ciphers in WebRTC
Product: WebKit Reporter: Ben <ben.browitt>
Component: WebRTCAssignee: youenn fablet <youennf>
Status: RESOLVED FIXED    
Severity: Normal CC: eric.carlson, ews-watchlist, glenn, hta, jer.noble, oscar.divorraescoda, philipj, sergio, tommyw, webkit-bug-importer, youennf
Priority: P2 Keywords: InRadar
Version: Safari Technology Preview   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch none

Description Ben 2020-07-16 03:38:38 PDT 
AES GCM ciphers in WebRTC gives better security and much better performance because of hardware acceleration and single step for encrypt + mac.
Safari is the only browser missing support.

Chrome 84/Edge
https://bugs.chromium.org/p/chromium/issues/detail?id=713701

Firefox 64
https://bugzilla.mozilla.org/show_bug.cgi?id=1416534
Comment 1 Radar WebKit Bug Importer 2020-07-16 18:17:21 PDT 
<rdar://problem/65700381>
Comment 2 Ben 2021-03-30 06:33:25 PDT 
Any news on AES GCM support? It has a significant effect on SFUs.
Comment 3 Ben 2021-09-28 12:53:17 PDT 
Safari 15.0 still uses SRTP_AES128_CM_HMAC_SHA1_80 without support for SRTP_AEAD_AES_128_GCM. Any chance for AES GCM support? This will result with significant CPU saving on SFUs (10%-20%) which is also important to the environment.
Comment 4 youenn fablet 2021-09-29 00:26:51 PDT 
Created attachment 439574 [details]
Patch
Comment 5 youenn fablet 2021-09-29 00:27:49 PDT 
Hi Ben, do you know of any webrtc solution where I can try using AES GCM myself?
Comment 8 Ben 2021-09-29 14:09:54 PDT 
Got advice to test with Janus and check the srtp dtls extension in a pcap from Safari
https://janus.conf.meetecho.com/echotest.html
Comment 9 youenn fablet 2021-09-30 03:11:41 PDT 
Thanks Ben, I validated this with mediasoup.
Comment 10 EWS 2021-09-30 09:05:42 PDT 
Committed r283315 (242340@main): <https://commits.webkit.org/242340@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 439574 [details].