Re: [rtcweb] Same location media

Bernard Aboba <> Thu, 20 October 2011 17:02 UTC

Roman said:

"You can also operate a TURN server on TCP port 80 and TLS port 443. In the case of a TLS connection, the firewall will have no way to distinguish TURN TLS traffic from HTTPS traffic. Support for HTTP/SOCKS based connections to TURN servers can be implemented as well. BTW, this is why it is essential to be able to specify TURN server location via JavaScript to the RTC client."

[BA] With respect to TURN with TCP/TLS we have found some firewalls that actually do deep packet inspection. So if you're sending to TCP port 80 and aren't using HTTP, or are sending to port 443 and aren't using TLS (or are using TLS extensions the firewall doesn't understand), the firewall can block. So yes, it is important to support TURN with TCP/TLS, but it should be recognized that even with that, there will still be a significant percentage of failures.
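
An added illustration, not part of the original message: a sketch of the first-bytes check a deep-packet-inspecting firewall can apply, showing why plain TURN over TCP is recognisable on ports 80 and 443 while a TLS ClientHello on 443 is not. The verdict policy, function names and sample payloads are assumptions constructed for this example; inspection of TLS extensions is not modelled.

```python
import struct

STUN_MAGIC_COOKIE = 0x2112A442  # fixed value in every STUN/TURN header (RFC 5389)
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"TRACE ", b"PATCH ")


def classify_first_bytes(data: bytes) -> str:
    """Label the first client-to-server bytes of a TCP stream."""
    if data.startswith(HTTP_METHODS):
        return "http"
    # TLS record header: type 0x16 (handshake), version 3.x, 16-bit length,
    # followed by handshake type 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        rec_len = struct.unpack("!H", data[3:5])[0]
        if 0 < rec_len <= 2 ** 14 and data[5] == 0x01:
            return "tls"
    # STUN header: top two bits zero, length a multiple of 4, magic cookie.
    if len(data) >= 20:
        msg_type, msg_len, cookie = struct.unpack("!HHI", data[:8])
        if msg_type & 0xC000 == 0 and msg_len % 4 == 0 and cookie == STUN_MAGIC_COOKIE:
            return "stun"
    return "unknown"


def dpi_verdict(port: int, data: bytes) -> str:
    """Assumed policy: port 80 must carry HTTP, port 443 must carry TLS."""
    expected = {80: "http", 443: "tls"}.get(port)
    if expected is None:
        return "not-inspected"
    return "allow" if classify_first_bytes(data) == expected else "block"


# Constructed samples (not captured traffic).
# TURN Allocate request (type 0x0003) with REQUESTED-TRANSPORT = UDP (17).
TURN_ALLOCATE = (struct.pack("!HHI", 0x0003, 8, STUN_MAGIC_COOKIE) + bytes(12)
                 + struct.pack("!HHI", 0x0019, 4, 17 << 24))
HTTP_GET = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
# Start of a TLS record holding a ClientHello; body truncated to zeros.
TLS_HELLO = bytes([0x16, 0x03, 0x01]) + struct.pack("!H", 512) + b"\x01" + bytes(10)

if __name__ == "__main__":
    for port, name, payload in [(80, "HTTP GET", HTTP_GET),
                                (80, "TURN Allocate", TURN_ALLOCATE),
                                (443, "TURN Allocate", TURN_ALLOCATE),
                                (443, "TLS ClientHello", TLS_HELLO)]:
        print(port, name, classify_first_bytes(payload), dpi_verdict(port, payload))
```
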