Skip to main content

Credentials in the URL

Pass a username and password directly in the RTSP URL. gortsplib extracts and retains the credentials for authentication challenges (Basic and Digest). 
u, err := base.ParseURL("rtsp://myuser:mypass@localhost:8554/mystream")
The user:pass@ portion is forwarded on every request that requires authentication. You do not need to configure anything else for plain credential-based auth.

RTSPS (TLS)

Use an rtsps:// URL and supply a *tls.Config to connect to a server that requires TLS. The default RTSPS port is 322; gortsplib adds it automatically when no port is specified in the URL. 
import (
    "crypto/tls"

    "github.com/bluenviron/gortsplib/v5"
    "github.com/bluenviron/gortsplib/v5/pkg/base"
)

u, err := base.ParseURL("rtsps://myuser:mypass@localhost:322/mystream")
if err != nil {
    panic(err)
}

c := gortsplib.Client{
    Scheme: u.Scheme, // "rtsps"
    Host:   u.Host,
    TLSConfig: &tls.Config{
        // supply your CA pool, client certificates, etc.
    },
}

err = c.Start()
if err != nil {
    panic(err)
}
defer c.Close()

Self-signed certificates

If the server uses a self-signed certificate and you accept the security implications, set InsecureSkipVerify: 
c := gortsplib.Client{
    Scheme: u.Scheme,
    Host:   u.Host,
    TLSConfig: &tls.Config{
        InsecureSkipVerify: true, //nolint:gosec
    },
}
InsecureSkipVerify: true disables certificate chain and hostname verification. Any server can present any certificate and the client will accept it. Use this only in controlled, non-production environments.

SRTP / SRTCP

SRTP (Secure RTP) encrypts RTP and RTCP packets at the media layer. When the server advertises SRTP in its SDP (the transport profile is RTP/SAVP), gortsplib enables SRTP automatically — no additional configuration is required. The library handles:
  • Key exchange via MIKEY (embedded in the SDP key-mgmt attribute)
  • Encryption and decryption of RTP and RTCP payloads
  • SRTP context lifecycle tied to the session
SRTP is independent of TLS. A server can require SRTP without using rtsps://, and an rtsps:// server does not necessarily use SRTP. Many deployments use both together for defense in depth.

Tunneling for firewall traversal

When a firewall blocks the RTSP port (554), you can tunnel the RTSP connection inside HTTP or WebSocket by setting the Tunnel field: 
c := gortsplib.Client{
    Scheme: u.Scheme,
    Host:   u.Host,
    Tunnel: gortsplib.TunnelHTTP,      // or gortsplib.TunnelWebSocket
}
For a full walkthrough of proxy and tunneling scenarios, see the proxy guide.