dtls | A pure Rust implementation of DTLS | Cryptography library

I've been trying to build Qt 6.2.2 from source. I downloaded the sources package from the online installer but it fails each time, each time with a different error. I've tried a variety of configurations such as:

First, I want to mention that I am very new to WebRTC, so any advice would be very helpful.

Currently I am using aiortc library to build my own WebRTC app. Here is what I am trying to do.

I have 2 peers, one is web browser, which is written in javascript, and another one is python script, which is working as signaling server and peer at the same time. So If you access to my web page, you will send video frame to server and then the server will make modification of that then send it back.

So I finished testing my app on LAN environment and everything worked as I expected. But once I deployed my app to remote server (Google cloud run) , I encountered Ice connection state failing issue. And gets this log on remote server.

enter image description here

(I think it is due to disconnection between peers, not low memory problem. I tried with 16GB RAM and 4 cpus and still didn't work)

Then, I dig into more information, and found that TURN/STUN server is necessary to build WebRTC app over Internet. So I added google STUN server to my RTCPeerConnection like this. [{'urls': 'stun:stun.l.google.com:19302'}, {'urls': 'stun:stun1.l.google.com:19302'}, {'urls': 'stun:stun2.l.google.com:19302'}] (I added both side on javascript and python because both side is working as peer) Unfortunately, it still didn't work.

Now, I am planning to build my own TURN server, but I am afraid if TURN server wouldn't solve this problem. So I would like to have any advice from you since I am quite stuck within my situation.

p.s I have done SSL encryption.(So GetUserMedia is working fine)

Sdp details(Offer/Answer):

SDP

Offer

I try to initialize 2 DTLS sessions with 2 different peers. The first otCoapSecureConnect returns OT_ERROR_NONE, the second one returns OT_ERROR_INVALID_STATE. Does OpenThread allow multiple CoAP secure connections ?

I am using openconnect --protocol=gp vpn.mysite.com and it says its connecting, but it is waiting for the SAML authentication. The command and authentication works on my debian machine it prompts for a username and password, but trying on my other linux machine it does not seem to want to prompt for authentication. This is the output:

I need to open two DTLS sockets on different IPs on the same port of the host. Using :gen_udp with {:reuseaddr, true} it works fine. But not with :ssl.listen

You can reproduce it with the following commands:

I'm trying to launch this on AWS Ubuntu.

It works fine under Chrome on localhost. (There was an issue with Firefox, hopefully running remotely with HTTPS will make the problem disappear. But that's unrelated to this question.)

I opened the ports that are specified on readme.MD using the AWS console (inbound TCP to port 3000, inbound UDP to ports 40000-49999, all outgoing traffic is allowed.)

Then adapted config.json to:

I am exploring on DTLS 1.2 using Californium-Scandium demo-apps projects. It appears that Scandium-core README.md supports the latest draft of Connection Identifiers for DTLS 1.2. According to Connection Identifiers for DTLS 1.2, the CID exchange happens between the Client & the server if client and server wants to talk on based of Connection Id. When I run the demo-apps of Scandium Server & Scandium Client, I am not able to see the exchange of CID happening between the client and the server. Though I can see the Connection Id generation on Client as well Server side of DTLS. I have added the logger in the Record.java but the connection Id is always null in the loggers. My question is whether the CID exchange logic between the DTLS Server and DTLS client is implemented in scandium-core API? If yes, please help me to find out the classes used for this.

The cookie exchange initiated by HelloVerifyRequest described in section 4.2.1 of RFC 6347 is essential to DoS-protection in DTLS. Unless I'm overlooking something, the WolfSSL documentation does not really describe how to enable this cookie exchange with its DTLS implementation.

The closest I can find is the function wolfSSL_send_hrr_cookie, about which the manual states:

This function is called on the server side to indicate that a HelloRetryRequest message must contain a Cookie. The Cookie holds a hash of the current transcript so that another server process can handle the ClientHello in reply. The secret is used when generting the integrity check on the Cookie data.

As far as I understand, the HelloRetryRequest (compare HelloVerifyRequest) is TLS 1.3 terminology. DTLS 1.3 is not finalized. How does one enable and control the DTLS 1.0/1.2 cookie exchange in WolfSSL?

I need to populate my v-select multiselect element from json object I tried but it didn't work

This is what I get