DTLS failure
An ICE connection has been established but the DTLS handshake failed.
Description
After an ICE connection has been established, the DTLS handshake must complete to secure the connection. When the DTLS handshake fails, no audio or video can flow because the SRTP encryption keys are never established.
The failure can be caused by a firewall or NAT that interferes with or blocks this traffic, which doesn't look like standard HTTP traffic. Alternatively, a badly configured TURN server may not handle DTLS packets properly.
The negotiation can also be broken by advertising a wrong certificate fingerprint. In this case, the browser will reject the DTLS connection.
Finally, network instability caused by WiFi handovers or a switch to a cellular network can cause the DTLS handshake to time out.
What do we do here?
We mark an observation when we detect the following pattern:
- The connectionState is “connecting”
- The iceConnectionState reaches “connected”
- The next connectionState goes to “failed”
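One way to implement this pattern check on an RTCPeerConnection, as an added example that is not the product's own code. The names createDtlsFailureDetector, attachTo and replay are hypothetical, and the sample log is constructed.

```javascript
// Added example: tracks the three-step pattern described above.
function createDtlsFailureDetector(onObservation) {
  let connectionState = "new"; // last RTCPeerConnection.connectionState seen
  let iceConnected = false;    // ICE reached "connected" during this "connecting" phase

  function onIceConnectionState(state) {
    // Step 2 only counts while connectionState is still "connecting".
    if (connectionState === "connecting" && state === "connected") iceConnected = true;
  }

  function onConnectionState(state, timestamp) {
    const previous = connectionState;
    connectionState = state;
    // Step 3: the state right after "connecting" is "failed" although ICE had connected.
    if (previous === "connecting" && state === "failed" && iceConnected) {
      onObservation({ type: "dtls-failure", timestamp });
    }
    // Any transition ends the current "connecting" phase, so re-arm for the next one.
    iceConnected = false;
  }
  return { onIceConnectionState, onConnectionState };
}

// Browser wiring: pc is an RTCPeerConnection.
function attachTo(pc, onObservation) {
  const d = createDtlsFailureDetector(onObservation);
  pc.addEventListener("iceconnectionstatechange", () => d.onIceConnectionState(pc.iceConnectionState));
  pc.addEventListener("connectionstatechange", () => d.onConnectionState(pc.connectionState, Date.now()));
  return d;
}

// Offline replay of a recorded state-change log; returns the observations raised.
function replay(events) {
  const observations = [];
  const d = createDtlsFailureDetector((o) => observations.push(o));
  for (const e of events) {
    if (e.kind === "ice") d.onIceConnectionState(e.state);
    else d.onConnectionState(e.state, e.t);
  }
  return observations;
}

// Constructed sample log: ICE connects, then the connection fails while still "connecting".
const DTLS_FAILURE_LOG = [
  { kind: "ice", state: "checking", t: 0 },
  { kind: "connection", state: "connecting", t: 1 },
  { kind: "ice", state: "connected", t: 120 },
  { kind: "connection", state: "failed", t: 10150 },
];
```

A log in which ICE itself fails, or in which the connection reaches “connected” before failing, produces no observation, which keeps ICE failures and mid-call drops out of this category.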