[Red5] RTMP over SSL - Solved
Gavriloaie Eugen-Andrei
crtmpserver at gmail.com
Mon Nov 9 11:25:13 PST 2009
http://code.google.com/p/blue5/wiki/HandshakeImplementations
On Nov 9, 2009, at 9:22 PM, Andrei Sochirca wrote:
> Just curios how can you decrypt RTMPE if you have initial handshake
> bytes? can you provide the algorithm and its work time estimation?
>
> Regards, Andrei.
>
>
> Gavriloaie Eugen-Andrei wrote:
>>
>> On Nov 9, 2009, at 8:19 PM, Kevin Green wrote:
>>
>>> I believe, though I may be wrong, that RTMPE only encrypts the
>>> media not the shared objects and function calls. *AKA, SSL is on a
>>> NetConnection, and RTMPE is only for streams*. If you want to
>>> secure things such as passwords, function calls, shared objects,
>>> or things along those lines you will want to use RTMPS with SSL.
>> RTMPE encrypts everything after the RTMP handshake. That includes
>> SO, invokes, streams, etc.
>> RTMPE is much faster than RTMPS but is useless in terms of
>> security. In fact I think RTMPE is useless in any filed of activity
>> because it awfully misses his solely purpose: encryption. Anyone
>> can decrypt a RTMPE connection if he/she caught the initial
>> handshake (the exchange of keys)
>>
>>
>>>
>>> If you are only concerned with securing the media then RTMPE
>>> might be alright, but it is also well know that is can be
>>> susceptible to a man in the middle attack whereas SSL you are
>>> working with a signed certificate and it is significantly harder
>>> to become the man in the middle. So again, if you want real
>>> security I would suggest investing in signed SSL certificates and
>>> using native SSL.
>>>
>>> If people are concerned with the speed at which the connections
>>> operate you can look into hardware based encryption accelerator
>>> cards or systems that already have it built in.
>>>
>>> Regards,
>>> Kevin Green
>>>
>>> JohnnyVoIP
>>> 350 Legget Drive
>>> Kanata, ON, Canada
>>> K2K 2W7
>>>
>>> Phone: 613 271 5993
>>> Fax: 613 271 9810
>>>
>>>
>>> On Mon, Nov 9, 2009 at 12:56 PM, Walter Tak <walter at waltertak.com <mailto:walter at waltertak.com
>>> >> wrote:
>>>
>>> http://en.wikipedia.org/wiki/Protected_Streaming
>>>
>>> RTMPE sounds better than RTMPS but since Adobe is kindof
>>> protecting it's protecting mechanism you might wonder how safe it
>>> really is. In fact it isn't since tools can still extract the
>>> video-data at the client.
>>>
>>> You'd only want to use RTMPS or RTMPE when you don't want other
>>> people (like spies from North Korea) to tune in on your
>>> video-conference-call-of-the-new-weapon-grade-plutonium-factory
>>> or webcam-stream-of-naked-women.
>>>
>>> W.
>>>
>>> ----- Original Message ----- From: "Thomas" <iamkenzo at gmail.com
>>> <mailto:iamkenzo at gmail.com>>
>>> To: <red5 at osflash.org <mailto:red5 at osflash.org>>
>>> Sent: Monday, 09 November 2009 18:07
>>> Subject: Re: [Red5] RTMP over SSL - Solved
>>>
>>>
>>>
>>> Thank you very much Kevin for you contribution,
>>>
>>> But are the benefits (if any) of rtmps/ssl over rtmpe?
>>> Because rtmpe
>>> is extremely easy to set up when the server supports it (like
>>> wowza),
>>> add 1 single letter in the netConnection, and you're done. No
>>> keystore, no certificates, no beans, nothing.
>>>
>>>
>>> -- VOD & visioconference - http://www.digiprof.tv
>>> <http://www.digiprof.tv/>
>>>
>>> _______________________________________________
>>> Red5 mailing list
>>> Red5 at osflash.org <mailto:Red5 at osflash.org>
>>> http://osflash.org/mailman/listinfo/red5_osflash.org
>>>
>>>
>>>
>>> _______________________________________________
>>> Red5 mailing list
>>> Red5 at osflash.org <mailto:Red5 at osflash.org>
>>> http://osflash.org/mailman/listinfo/red5_osflash.org
>>>
>>>
>>> _______________________________________________
>>> Red5 mailing list
>>> Red5 at osflash.org <mailto:Red5 at osflash.org>
>>> http://osflash.org/mailman/listinfo/red5_osflash.org
>>
>
>
> _______________________________________________
> Red5 mailing list
> Red5 at osflash.org
> http://osflash.org/mailman/listinfo/red5_osflash.org
More information about the Red5
mailing list