Even as WebRTC gains wider acceptance, the implementation of the technology in web browsers remains a moving target for developers.
Most browsers operate on six week release schedules, so it is important for our engineers to stay ahead of new developments by checking beta and even alpha builds of relevant browsers to guarantee a stable environment for our users.
Many necessary changes are small front-end considerations because browser APIs automatically update without our handiwork. But with Mozilla recently announcing that they would force Perfect Forward Secrecy in Firefox, we had to make a few back-end changes with OnSIP app to ensure that the app would still work for every calling scenario our hosted PBX customers require.
What is Perfect Forward Secrecy?
Perfect Forward Secrecy is WebRTC's answer to transferring data safely and smartly across the Internet. Once a user establishes that he or she wants to place a call, his or her browser sends messages to relevant servers declaring his or her intention. These messages contain the media information of the caller, such as if he or she wants to place an audio or video call, as well as what types of encryption the browser supports.
Once the media packets begin flowing, it is important that the media is encrypted in a way that only the intended parties can decipher what the packets actually contain, or else unwanted parties could spy on calls with minimal hassle. The different types of encryption that govern this relationship in WebRTC-based apps are know as Transport Layer Security (TLS) ciphers.
The Transport Layer Security protocol determines the encryption level of each WebRTC packet
All browsers offer a variety of TLS ciphers, with differing but acceptably high levels of security. Firefox is changing its definition of "acceptably high" in their upcoming browser release, in which all ciphers must support a property known as Perfect Forward Secrecy (PFS).
Perfect Forward Secrecy ensures that if a third party were able to decrypt a single media packet, the information they discover from this would not give them enough information to decrypt packets from any other calls, or even later parts of the same call. This essentially makes the call entirely indecipherable to uninvited parties.
PFS Support For OnSIP app
Upon testing later releases of Firefox, we noticed that FreeSWITCH - a project we use throughout our back-end systems - did not support Perfect Forward Secrecy for all WebRTC environments. Our engineers were able to resolve this issue on their own and informed the project's developers of what changes must be made in order to fix this.
Now that we have implemented this fix, OnSIP app users will always use Perfect Forward Secrecy in all browsers that support it. This additional measure of security makes OnSIP app calls even more secure than they already were. By staying on top of the latest browser updates, our team is dedicated maximizing the security, ease, and efficiency of every user's OnSIP experience.