AES GCM ciphers in WebRTC gives better security and much better performance because of hardware acceleration and single step for encrypt + mac. Safari is the only browser missing support. Chrome 84/Edge https://bugs.chromium.org/p/chromium/issues/detail?id=713701 Firefox 64 https://bugzilla.mozilla.org/show_bug.cgi?id=1416534
<rdar://problem/65700381>
Any news on AES GCM support? It has a significant effect on SFUs.
Safari 15.0 still uses SRTP_AES128_CM_HMAC_SHA1_80 without support for SRTP_AEAD_AES_128_GCM. Any chance for AES GCM support? This will result with significant CPU saving on SFUs (10%-20%) which is also important to the environment.
Created attachment 439574 [details] Patch
Hi Ben, do you know of any webrtc solution where I can try using AES GCM myself?
Some listed here: https://bugs.chromium.org/p/chromium/issues/detail?id=713701 Chrome is using AES-GCM when it is the DTLS client. Firefox: https://bugzilla.mozilla.org/show_bug.cgi?id=1416534 pion: https://github.com/pion/webrtc#security I think TokBox: https://bugs.chromium.org/p/chromium/issues/detail?id=713701#c75 Probably justin.tv: https://bugs.chromium.org/p/chromium/issues/detail?id=713701#c20 Maybe Jitsi: https://github.com/jitsi/libjitsi/blob/master/src/org/jitsi/impl/neomedia/transform/dtls/TlsClientImpl.java#L106
Janus? https://github.com/meetecho/janus-gateway/blob/master/dtls.c#L64 Mediasoup: https://github.com/versatica/mediasoup/pull/322
Got advice to test with Janus and check the srtp dtls extension in a pcap from Safari https://janus.conf.meetecho.com/echotest.html
Thanks Ben, I validated this with mediasoup.
Committed r283315 (242340@main): <https://commits.webkit.org/242340@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 439574 [details].