TURN/STUN/Signalling server question #39
Comments
|
STUN servers are free, don't know of a free TURN server, though. Correct me if I'm wrong but aren't WebRTC connections end-to-end encrypted? If not, happy to merge a PR that adds the ability to set a password on the uploaded file. |
Yes, they are, but the signalling server can MITM them. |
|
So I just saw this is more or less already tracked in #22. |
Open
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
As you advertise the Twilio's STUN/TURN service I am a bit unsure what happens when you do not use it: Because usually browsers have "baked in" their own TURN/STUN and signalling servers, so when WebRTC is e.g. used in Firefox Mozilla's servers are used for that.
This is especially important for the security of WebRTC as the signalling server could MITM the connection.
To prevent MITM attacks is there any additional encryption used - besides WebRTCs default one - such as SaltyRTC? If not you may consider this to improve the security.
The text was updated successfully, but these errors were encountered: