From 46fb1a2c2dc91e1410d3e9043fd088158bed4c92 Mon Sep 17 00:00:00 2001 From: Pascal Buhler Date: Mon, 12 Dec 2022 01:22:47 +0100 Subject: [PATCH] Include some information about supported ciphers Provide a little info on the consequence of configuring different crypto backends, as request in #620 . --- README.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/README.md b/README.md index 1e42a0b..22cda48 100644 --- a/README.md +++ b/README.md @@ -220,11 +220,21 @@ will want to read the Security Considerations section of [RFC 3711](https://tool In addition, it is important that you read and understand the terms outlined in the [License and Disclaimer](#license-and-disclaimer) section. +This library also supports the AES-GCM Authenticated Encryption methods +described in [RFC 7714](https://tools.ietf.org/html/rfc7714) + -------------------------------------------------------------------------------- ## Implementation Notes + * It is possible to configure which 3rd party (ie openssl/nss/etc) crypto backend + libSRTP will be built with. If no 3rd party backend is set then libSRTP provides + an internal implementation of AES and Sha1. The internal implementation only + supports AES-128 & AES-256, so to use AES-192 or the AES-GCM group of ciphers a + 3rd party crypto backend must be configured. For this and performance reasons it + is highly recommended to use a 3rd party crypto backend. + * The `srtp_protect()` function assumes that the buffer holding the rtp packet has enough storage allocated that the authentication tag can be written to the end of that packet. If this assumption -- 2.42.0.windows.2