cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
908
Views
0
Helpful
3
Replies

CMS WebRTC via HTTPS/443 only doesn't work

oliverkelm1
Level 1
Level 1

Hello,

i'm having problems getting WebRTC to work, when it is only accessible via HTTPS/443. The setup is very simple:

  • Cisco Meeting Server (v2.2.3)
    • 2 interfaces:
      • a: 10.0.1.20/24 with Callbridge, XMPP, Webbridge on port 443
      • b: 10.0.2.20/24 with TURN Server on Port 443
  • WebRTC Client in Subnet 10.0.3.0/24 with Firefox v54.0.1 and Firefox Beta v55.0b12 (64-Bit)
  • Firewall Rule 10.0.3.0/24 -> 10.0.1.20:443 and 10.0.3.0/24 -> 10.0.2.20:443

I've configured the TURN Server with

  • turn listen b lo
  • turn tls 443
  • no public-ip
  • certs with internal CA (inkl. intermediate CAs)

With Chrome v59 everything works fine. As I can see in the Changelog TURN via TLS/443 is supported in Firefox 54.

Do you have any idea?

3 Replies 3

Stephen Carr
Level 1
Level 1

what issue are you having with Firefox? Can you login but media fails? TURN should just impact actual calls.

Steve

Yes, I can login, but the media won't come up. As I can see in den packet capture, firefox doesn't try to build any connection to the TURN server. Via Chrome I see the message flow as it should be (first tries udp/3478, then tcp/443).

For me, it seems, that there is a problem with the used WebRTC Libraries in Firefox or it is a bug in Firefox.

In the Firefox webconsole I see the following warnings (sorry, german):

navigator.mozGetUserMedia wurde durch navigator.mediaDevices.getUserMedia ersetzt.
WebRTC-Schnittstellen mit dem "moz"-Präfix (mozRTCPeerConnection, mozRTCSessionDescription, mozRTCIceCandidate) sollten nicht mehr verwendet werden.
RTCIceServer.url is deprecated! Use urls instead. jquery.js
onaddstream is deprecated! Use peerConnection.ontrack instead.

yeah, it definitely looks like Firefox is not following through on moving to TLS on 443 then. Have you run a trace to see if it even gets there and then fails? I can't test it for now as I've got things in production so don't want to shut off 3478 to see. Definitely looks like some work needs to be done by the Firefox folks.