Closed Bug 1702323 Opened 5 years ago Closed 5 years ago

TURN connection does not negotiate with TLS on Firefox 87+

Categories

(Core :: WebRTC: Networking, defect, P2)

Product:
Core
Component:
WebRTC: Networking
Version:
Firefox 87
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
89 Branch
Tracking Flags:
Tracking Status
firefox89 --- fixed

People

(Reporter: tenge, Assigned: bwc)

References

Details

Attachments

(3 files)

ff87.pcap
2.23 KB, application/vnd.tcpdump.pcap
Details
Bug 1702323: Get this TURNS server code working again. r?ahal
48 bytes, text/x-phabricator-request
Details | Review
Bug 1702323: Fix bug where the tls bit was being stomped by conversion functions. r?mjf
48 bytes, text/x-phabricator-request
Details | Review
Attached file ff87.pcap

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 11_2_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36

Steps to reproduce:

When creating a new WebRTC peerconnection with TURN URL/credential configuration, browser will create TURN allocations based on the config.

We provide a TURN URL/creds with "turns:[server]?transport=tcp", Firefox 87 will start to create TURN connections with TLS(turns).

Actual results:

Firefox does not create TLS connection, instead, TURN server side recognizes as plain TCP connection

Expected results:

Firefox is supposed to start TLS negotiation with sending ClientHello to the server.

In short, Firefox 87+ seems ignored the TURN SRV name: "turns"

The Bugbug bot thinks this bug should belong to the 'Core::Networking' component, and is moving the bug to that component. Please revert this change in case you think the bot is wrong.

Component: Untriaged → Networking
Product: Firefox → Core
Component: Networking → WebRTC: Networking

Yeah, I can verify this.

Assignee: nobody → docfaraday
Severity: -- → S2
Priority: -- → P2
Status: UNCONFIRMED → NEW
Ever confirmed: true
See Also: → 1323439

Thank you Byron. This is potentially a security risk for Firefox users when they use TLS for webrtc communications.
Is this have a clear path for fixing?

This is an easy fix, yes.

Not that it helps us on CI, because of bug 1323439, but we can at
least run it locally.

Also, some logging that was useful.

Depends on D110634

Try looks about as good as we can expect right now.

Pushed by bcampen@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/d8d1c8964de0 Get this TURNS server code working again. r=ahal https://hg.mozilla.org/integration/autoland/rev/27094688f995 Fix bug where the tls bit was being stomped by conversion functions. r=mjf

Thanks. I'm wondering when this patch will go to the release version?

https://hg.mozilla.org/mozilla-central/rev/d8d1c8964de0
https://hg.mozilla.org/mozilla-central/rev/27094688f995

Status: NEW → RESOLVED
Closed: 5 years ago
status-firefox89: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 89 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: