WebRTC connection could not be established on Chrome 124
i am working on an application that uses webrtc connections for audio, while testing the new version of chrome 124, which is currently in beta but to be released officially in a few days, we noticed that the audio stopped working for us.
while listening for packets using wireshark that are sent between the client and the server we noticed that one packet that informs us handshake when trying to initialize the connection, but it is not written what caused this error
looking further we extended the webrtc logs in chrome with additional flags --enable-logging --vmodule=/webrtc/=1
from them we were able to read additional information that informs us that the error occurred when the client tried to send the certificate [18496:21896:0403/131717.236:WARNING:openssl_adapter.cc(820)] write_alert fatal handshake failure TLS client send_client_certificate [18496:21896:0403/131717.236:INFO:openssl_adapter.cc(817)] connect_exit TLS client send_client_certificate [18496:21896:0403/131717.236:WARNING:openssl_stream_adapter.cc(949)] OpenSSLStreamAdapter::Error(ContinueSSL, 1, 0) [18496:21896:0403/131717.236:INFO:dtls_transport.cc(756)] DtlsTransport[0|1|]: DTLS transport error, code=1 [18496:21896:0403/131717.236:VERBOSE1:dtls_transport.cc(863)] DtlsTransport[0|1|]: set_dtls_state from:1 to 4
RTCPeerConnection went into failed state on onconnectionstatechange listener
Application is working fine on all older versions of chromium and all Firefox versions
What could have caused this error in the new version? Looking through the changes in the changelog, I did not find anything that could cause this error https://chromestatus.com/features#milestone%3D124
The issue for us was we only supported ClientCertificateType.rsa_sign but needed to support ClientCertificateType.ecdsa_sign for Chrome 124 as well.
- Renewing Minikube SSL certificates for 10 years
- Web Crypto API decryption failing with RSA-OAEP
- cURL queries work, but python-request fails
- Using OpenSSL's SHA1 with Apple Silicon in C
- Generate CSR using the private key store on Google HSM
- How write a Go program that behaves same as openssl rehash?
- PHP openssl_private_encrypt have javascript analog
- PHPMailer generates PHP Warning: stream_socket_enable_crypto(): Peer certificate did not match expected
- How to install OpenSSL from source on Windows 10/11?
- Getting an HTTP response status code of 0 and empty message using C++ curl library libCPR
- TPM 2.0 based TLS handshake fails against RSA-4k Server keys (out-of-range)
- Gilab CI: load ssh key from environment variable
- Signing a certificate with my CA
- DICOM TLS between Orthanc and pynetDicom fails with error ErrorDetails: DicomAssociation - connecting to AET "MY_AET": TLS error: OpenSSL error
- How to create public and private key with OpenSSL?
- How to find out what this error means: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1129)
- "pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available"
- How to use OpenSSL for self-signed certificates with custom CA and proper SAN settings?
- What's a client certificate and where to get it, how to use it to connect to server?
- ITMS-91065: Missing Signature in Privacy Impacting SDK
- Generate sha256 with OpenSSL and C++
- OpenSSL: Unexpected EOF from www.openssl.org using their own example program
- .NET 8 | Kestrel: ERR_CERT_COMMON_NAME_INVALID When generating self-signed ssl certificate for my local IP
- No Default Ciphers attribute in urllib3?
- ssl impact on web server
- Why rust is failing to build command for openssl-sys v0.9.60 even after local installation?
- How to handle SSL_ERROR_SSL on SSL_accept
- What causes keytool error "Failed to decrypt safe contents entry"?
- How to notify server that client is closing connection
- "Certificate verify failed" OpenSSL error when using Ruby 1.9.3