#webrtc

[RFC idea] DTLS support in ext/openssl (Openssl\Dtls)

A PHP internals mailing list thread proposing DTLS (RFC 6347, the UDP counterpart of TLS) support in PHP's ext/openssl extension. The author has a working proof-of-concept featuring a transport-agnostic Openssl\Dtls class using memory BIOs, enabling use cases like WebRTC data channels, DTLS-SRTP, and CoAP. Discussion covers API design choices: using OpenSSLCertificate/OpenSSLAsymmetricKey objects vs PEM strings, enums vs integer constants for handshake states, and whether to expose DTLS as a dtls:// stream wrapper (like tls:// over tcp://) or a low-level engine. The ext/openssl maintainer (Jakub) prefers a stream wrapper approach, while the author argues both surfaces are needed — the stream for simple cases and the low-level engine for multiplexed transports like WebRTC where DTLS shares a UDP socket with STUN and SRTP.

[RFC idea] DTLS support in ext/openssl (Openssl\Dtls)

A PHP internals RFC idea proposing DTLS (RFC 6347, the UDP counterpart of TLS) support in ext/openssl. The author has a working proof-of-concept implementing a transport-agnostic Openssl\Dtls class using memory BIOs, allowing applications to drive the handshake and own packet I/O — enabling WebRTC data channels, DTLS-SRTP, CoAP, and SIP use cases currently unreachable without FFI. The ext/openssl maintainer suggests a dtls:// stream wrapper approach similar to tls:// over tcp://. The author proposes doing both: a dtls:// stream for the simple dedicated-socket case, and a low-level engine for multiplexed transports like WebRTC where DTLS shares a UDP socket with STUN and SRTP. API design feedback includes using enums instead of integer constants and accepting OpenSSLCertificate objects instead of PEM strings.

[RFC idea] DTLS support in ext/openssl (Openssl\Dtls)

RFC đề xuất bổ sung hỗ trợ DTLS (giao thức UDP tương đương TLS) trong ext/openssl thông qua lớp mới Openssl\Dtls, nhằm mở rộng khả năng cho các trường hợp như WebRTC, DTLS-SRTP và CoAP. Thiết kế tập trung vào lớp endpoint độc lập với transport, sử dụng memory BIOs để kiểm soát trực tiếp I/O datagram, thay vì stream wrapper truyền thống.

Lập trình viên cần đọc để khám phá cách mở rộng khả năng giao thức DTLS cho PHP, giúp giải quyết những hạn chế hiện tại trong việc hỗ trợ WebRTC, CoAP và các ứng dụng đòi hỏi giao thức UDP như TLS, từ đó tối ưu hóa hiệu suất và tính linh hoạt cho các dự án sử dụng giao thức truyền dữ liệu phân đoạn.

[RFC idea] DTLS support in ext/openssl (Openssl\Dtls)

A PHP internals RFC proposal to add DTLS (Datagram TLS, the UDP counterpart of TLS) support to ext/openssl. The author proposes a transport-agnostic Openssl\Dtls class using memory BIOs, allowing applications to control packet flow for protocols like WebRTC, DTLS-SRTP, and CoAP. A working proof-of-concept with .phpt tests already exists. The proposal raises open questions about API design (enums vs int constants, object vs PEM string inputs, DtlsDatagram wrapper), whether DTLS belongs in core or userland/FFI, and how to handle the HelloVerifyRequest DoS mitigation. A community member suggests using proper PHP types (enums, typed objects) instead of raw strings and ints throughout the API.