[eng] Does WebRTC require SSL (Secure Socket Layers) to be enabled for integration?

As a provider of SaaS solutions in the form of web services, I often receive various security-related questions while addressing my clients' security issues. Through this process, I have gained experience in growing by finding ways to provide a safer service.

I would like to organize these experiences around questions and share them.

Does WebRTC require SSL (Secure Socket Layers) to be enabled for integration?

WebRTC is designed to be used only on HTTPS for security reasons. Therefore, WebRTC will not be activated in an HTTP environment without an SSL certificate.

 

For security, WebRTC uses SRTP (Secure Real-time Transport Protocol) by default and uses DTLS (Datagram Transport Layer Security) for data exchange. Since these security technologies cannot work without an SSL certificate, WebRTC cannot be used in an HTTP environment without an SSL certificate.

Therefore, to use WebRTC, you need to configure an HTTPS environment with an SSL certificate. To do this, you need to obtain an SSL certificate and apply the HTTPS protocol. You can use services such as Let's Encrypt, which provides free SSL certificates, to do this.

What are the differences between HTTPS, SSL, and TLS?

HTTPS is a secure protocol that secures the HTTP protocol, while SSL and TLS are protocols used in HTTPS.

SSL (Secure Sockets Layer) was initially developed by Netscape, while TLS (Transport Layer Security) was developed by IETF (Internet Engineering Task Force) as an improved version of SSL. Therefore, TLS can be considered as a successor to SSL.

SSL and TLS mainly use public-key encryption to protect data in network communications. In communication between clients and servers, SSL/TLS uses certificates to verify the identity of the other party and encrypts data to transmit it safely.

The differences between SSL and TLS include encryption methods, certificate formats, protocol versions, and others, but the basic principles are the same.

SSL has vulnerabilities and is currently not recommended for use, while TLS is constantly being upgraded. Currently, TLS 1.3 is the latest version.

I will cover deeper aspects in the next opportunity.