
Issue metadata

Status: Fixed
Closed: Jan 2017
NextAction: ----
OS: ----
Pri: 2
Type: Bug

Blocked on:
issue chromium:690069


Issue 6972: Having a=crypto in an SDP offer causes exception in Canary

Reported by, Jan 11 2017

Issue description

What steps will reproduce the problem?
1. Start a client that creates a PeerConnection and accepts calls.
2. Send an offer SDP to the client with a=crypto attribute for SDES-SRTP along with a=fingerprint for DTLS-SRTP.
3. The client does a setRemoteDescription with the offer SDP.

What is the expected result?
The setRemoteDescription succeeds.

What do you see instead?
The setRemoteDescription fails with the following message:
OperationError: Failed to set remote offer sdp: Session error code: ERROR_CONTENT. Session error description: Cryptos must be empty when DTLS is active.

What version of the product are you using? On what operating system?
Version 57.0.2976.5 canary (64-bit), on Windows 7

Please provide any additional information below.

Since the call is not established yet, both crypto and fingerprint attributes should be accepted for backward compatibility. This works fine on stable Chrome 55.

Here is a sample SDP that causes this issue.
o=xxxxxx 7 2 IN IP4
c=IN IP4
t=0 0
a=group:BUNDLE audio
a=msid-semantic: WMS D3C941D1-DAD9-43D3-BDB7-1FD861915F3D
m=audio 1 RTP/SAVPF 9 0 101
a=ssrc:594296634 cname:bFIHH+1iv0K+p4mZxKULHXxb
a=ssrc:594296634 label:a0-41D1-DAD9-43D
a=ssrc:594296634 msid:D3C941D1-DAD9-43D3-BDB7-1FD861915F3D a0-41D1-DAD9-43D
a=ssrc:594296634 mslabel:D3C941D1-DAD9-43D3-BDB7-1FD861915F3D
a=rtpmap:9 g722/8000
a=rtpmap:0 pcmu/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=fingerprint:sha-256 EB:95:EC:03:8B:21:39:58:81:10:8D:9D:0A:B1:3C:6D:DC:08:9D:59:59:3A:51:8A:BC:88:80:C8:4F:FE:6D:4F
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:9cXKvyA9V2T+IZxDZtO+T1oPOFYsS4O9Wzuf7W5h
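
Added example, not part of the original report and not WebRTC project code: a JavaScript check that reports, per m= section, whether an offer carries DTLS-SRTP (a=fingerprint), SDES (a=crypto) or both, which is the combination rejected in the report above. The function names, the constructed sample offer and the choice to drop a=crypto where a fingerprint is present are assumptions made for illustration; this is not the fix landed for this issue.

```javascript
// Added example; all function names here are hypothetical.
// Split an SDP blob into the session-level part and one block per m= line.
function splitSections(sdp) {
  const lines = sdp.split(/\r?\n/).filter((l) => l.length > 0);
  const sections = [[]]; // sections[0] holds the session-level lines
  for (const line of lines) {
    if (line.startsWith('m=')) sections.push([]);
    sections[sections.length - 1].push(line);
  }
  return sections;
}

const isFingerprint = (l) => l.startsWith('a=fingerprint:');
const isCrypto = (l) => l.startsWith('a=crypto:');

// Report, for each m= section, whether DTLS-SRTP and/or SDES is offered.
// a=fingerprint may sit at session level, where it applies to every section.
function classifyKeying(sdp) {
  const [session, ...media] = splitSections(sdp);
  const sessionDtls = session.some(isFingerprint);
  return media.map((sec) => ({
    media: sec[0].slice(2).split(' ')[0],
    dtls: sessionDtls || sec.some(isFingerprint),
    sdes: sec.some(isCrypto),
  }));
}

// Remove a=crypto lines only from sections that also offer DTLS-SRTP
// (assumed policy); an SDES-only section is left untouched.
function stripSdesWhereDtls(sdp) {
  const [session, ...media] = splitSections(sdp);
  const sessionDtls = session.some(isFingerprint);
  const kept = media.map((sec) =>
    (sessionDtls || sec.some(isFingerprint)) ? sec.filter((l) => !isCrypto(l)) : sec);
  return [session, ...kept].flat().join('\r\n') + '\r\n';
}

// Constructed sample offer; the fingerprint and key are placeholders.
const SAMPLE_OFFER = [
  'v=0', 'o=- 7 2 IN IP4 192.0.2.1', 's=-', 't=0 0',
  'm=audio 1 RTP/SAVPF 0',
  'a=fingerprint:sha-256 00:11:22:33',
  'a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTEDPLACEHOLDERKEY',
  'm=video 1 RTP/SAVPF 96',
  'a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTEDPLACEHOLDERKEY',
].join('\r\n') + '\r\n';
```

Running classifyKeying on an incoming offer before setRemoteDescription shows which sections would trip the "Cryptos must be empty when DTLS is active" check and which still depend on keys carried inline in the signaling.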

Comment 1 by, Jan 11 2017

Is this a behavior change in Canary, or a bug?

Comment 2 by, Jan 12 2017

Project Member
Components: PeerConnection

Comment 3 by, Jan 17 2017

Project Member
Labels: EngTriaged
Status: Started (was: Unconfirmed)
It's a regression; it appears there was no unit/integration test for DTLS/SDES fallback. I'll fix it and request merge to M57.

Comment 4 by, Jan 18 2017

Thanks for letting us know.

BTW, there are some media issues with the Canary (using DTLS). With the previous version that I had reported above, the callee wasn't playing the media. With the latest version 57.0.2985.0, that seems fixed, but there are media issues with a video call after a renegotiation. I'd assume these would get sorted out during your own testing/development.

Comment 5 by, Jan 18 2017

Project Member
What kind of media issues? Also, could you file a new bug for them (or see if one already exists)?

Comment 6 by, Jan 20 2017

Have created Issue 7027 for the media issue.

BTW, the original media issue is still there - no need to renegotiate. When a video call is received, the callee in Canary does not play the media, though both audio and video packets are being received. Audio calls work fine.

Comment 7 by, Jan 21 2017

Project Member
The following revision refers to this bug:

commit 8662f940230bb0f8989ddc993488cde3a9c5b76a
Author: deadbeef <>
Date: Sat Jan 21 05:20:51 2017

Only set certificate on DTLS transport if fingerprint is found in SDP.

This is used for fallback from DTLS to SDES encryption, which we probably still
want to support. Setting a certificate puts the DTLS transport in a "DTLS
enabled" mode, so it should be delayed until SDP with "a=fingerprint" is set.

BUG= webrtc:6972 

Cr-Commit-Position: refs/heads/master@{#16199}


Comment 8 by, Jan 21 2017

Project Member
Labels: Merge-Requested M-57
Status: Fixed (was: Started)
Requesting merge to M57, since this is a regression.

Comment 9 by, Jan 21 2017

Project Member
The following revision refers to this bug:

commit 3e4faae0edeb2b30e899712f92217d2aa5cd6ff2
Author: deadbeef <>
Date: Sat Jan 21 06:43:34 2017

Fixing memory leak in FakeTransportController.

Introduced by:
Only occurs with test code.

BUG= webrtc:6972

Cr-Commit-Position: refs/heads/master@{#16200}


Comment 10 by, Feb 8 2017

Project Member
Blockedon: chromium:690069

Comment 11 by, Feb 23 2017

Project Member
Labels: -Merge-Requested -M-57 M-58

Comment 12 by, Feb 23 2017

Project Member
Labels: -M-58 M-57

Comment 13 by, Mar 6 2017

Project Member
Labels: -M-57 merge-merged-m57 M-58

Comment 14 by, Mar 29 2017

The issue 7027 that I created for the media issue (related to video codec name being case sensitive) is still untriaged, but the problem is still there in stable version 57! Could someone take a look at that?

Comment 15 by, Sep 11 2017

Project Member
Do you still need this functionality (applying an offer that allows both DTLS-SRTP and SDES-SRTP)? We're planning to remove it, since it's non-standard and has a maintenance cost. Also, we'll eventually need to remove support for SDES completely (at least, from Chrome), so this seems like a logical first step towards that goal.

If you still need this, can you explain your use case more so I can help figure out an alternative?

Comment 16 by, Sep 22 2017

Project Member
FYI, we've now done this. See:
