diff --git a/trunk/src/app/srs_app_rtc_api.cpp b/trunk/src/app/srs_app_rtc_api.cpp
index a921da8e5..fd14b41d0 100644
--- a/trunk/src/app/srs_app_rtc_api.cpp
+++ b/trunk/src/app/srs_app_rtc_api.cpp
@@ -135,10 +135,12 @@ srs_error_t SrsGoApiRtcPlay::do_serve_http(ISrsHttpResponseWriter* w, ISrsHttpMe
     // For client to specifies the EIP of server.
     string eip = r->query_get("eip");
     // For client to specifies whether encrypt by SRTP.
-    string encrypt = r->query_get("encrypt");
+    string srtp = r->query_get("encrypt");
+    string dtls = r->query_get("dtls");
 
-    srs_trace("RTC play %s, api=%s, clientip=%s, app=%s, stream=%s, offer=%dB, eip=%s, encrypt=%s",
-        streamurl.c_str(), api.c_str(), clientip.c_str(), app.c_str(), stream_name.c_str(), remote_sdp_str.length(), eip.c_str(), encrypt.c_str());
+    srs_trace("RTC play %s, api=%s, clientip=%s, app=%s, stream=%s, offer=%dB, eip=%s, srtp=%s, dtls=%s",
+        streamurl.c_str(), api.c_str(), clientip.c_str(), app.c_str(), stream_name.c_str(), remote_sdp_str.length(), eip.c_str(),
+        srtp.c_str(), dtls.c_str());
 
     // TODO: FIXME: It seems remote_sdp doesn't represents the full SDP information.
     SrsSdp remote_sdp;
@@ -179,16 +181,18 @@ srs_error_t SrsGoApiRtcPlay::do_serve_http(ISrsHttpResponseWriter* w, ISrsHttpMe
     }
 
     bool srtp_enabled = true;
-    if (encrypt.empty()) {
+    if (srtp.empty()) {
         srtp_enabled = _srs_config->get_rtc_server_encrypt();
     } else {
-        srtp_enabled = (encrypt != "false");
+        srtp_enabled = (srtp != "false");
     }
 
+    bool dtls_enabled = (dtls != "false");
+
     // TODO: FIXME: When server enabled, but vhost disabled, should report error.
     SrsRtcConnection* session = NULL;
-    if ((err = server_->create_session(&request, remote_sdp, local_sdp, eip, false, true, srtp_enabled, &session)) != srs_success) {
-        return srs_error_wrap(err, "create session");
+    if ((err = server_->create_session(&request, remote_sdp, local_sdp, eip, false, dtls_enabled, srtp_enabled, &session)) != srs_success) {
+        return srs_error_wrap(err, "create session, dtls=%u, srtp=%u, eip=%s", dtls_enabled, srtp_enabled, eip.c_str());
     }
 
     ostringstream os;
@@ -208,8 +212,8 @@ srs_error_t SrsGoApiRtcPlay::do_serve_http(ISrsHttpResponseWriter* w, ISrsHttpMe
     res->set("sdp", SrsJsonAny::str(local_sdp_str.c_str()));
     res->set("sessionid", SrsJsonAny::str(session->username().c_str()));
 
-    srs_trace("RTC username=%s, srtp=%u, offer=%dB, answer=%dB", session->username().c_str(),
-        srtp_enabled, remote_sdp_str.length(), local_sdp_str.length());
+    srs_trace("RTC username=%s, dtls=%u, srtp=%u, offer=%dB, answer=%dB", session->username().c_str(),
+        dtls_enabled, srtp_enabled, remote_sdp_str.length(), local_sdp_str.length());
     srs_trace("RTC remote offer: %s", srs_string_replace(remote_sdp_str.c_str(), "\r\n", "\\r\\n").c_str());
     srs_trace("RTC local answer: %s", local_sdp_str.c_str());
 
diff --git a/trunk/src/app/srs_app_rtc_conn.cpp b/trunk/src/app/srs_app_rtc_conn.cpp
index 5f86397dd..f5e1245b9 100644
--- a/trunk/src/app/srs_app_rtc_conn.cpp
+++ b/trunk/src/app/srs_app_rtc_conn.cpp
@@ -213,6 +213,75 @@ srs_error_t SrsSemiSecurityTransport::protect_rtp2(void* rtp_hdr, int* len_ptr)
     return srs_success;
 }
 
+SrsPlaintextTransport::SrsPlaintextTransport(SrsRtcConnection* s)
+{
+    session_ = s;
+}
+
+SrsPlaintextTransport::~SrsPlaintextTransport()
+{
+}
+
+srs_error_t SrsPlaintextTransport::initialize(SrsSessionConfig* cfg)
+{
+    return srs_success;
+}
+
+srs_error_t SrsPlaintextTransport::start_active_handshake()
+{
+    return on_dtls_handshake_done();
+}
+
+srs_error_t SrsPlaintextTransport::on_dtls(char* data, int nb_data)
+{
+    return srs_success;
+}
+
+srs_error_t SrsPlaintextTransport::on_dtls_handshake_done()
+{
+    srs_trace("RTC: DTLS handshake done.");
+    return session_->on_connection_established();
+}
+
+srs_error_t SrsPlaintextTransport::on_dtls_application_data(const char* data, const int len)
+{
+    return srs_success;
+}
+
+srs_error_t SrsPlaintextTransport::write_dtls_data(void* data, int size)
+{
+    return srs_success;
+}
+
+srs_error_t SrsPlaintextTransport::protect_rtp(const char* plaintext, char* cipher, int& nb_cipher)
+{
+    memcpy(cipher, plaintext, nb_cipher);
+    return srs_success;
+}
+
+srs_error_t SrsPlaintextTransport::protect_rtcp(const char* plaintext, char* cipher, int& nb_cipher)
+{
+    memcpy(cipher, plaintext, nb_cipher);
+    return srs_success;
+}
+
+srs_error_t SrsPlaintextTransport::protect_rtp2(void* rtp_hdr, int* len_ptr)
+{
+    return srs_success;
+}
+
+srs_error_t SrsPlaintextTransport::unprotect_rtp(const char* cipher, char* plaintext, int& nb_plaintext)
+{
+    memcpy(plaintext, cipher, nb_plaintext);
+    return srs_success;
+}
+
+srs_error_t SrsPlaintextTransport::unprotect_rtcp(const char* cipher, char* plaintext, int& nb_plaintext)
+{
+    memcpy(plaintext, cipher, nb_plaintext);
+    return srs_success;
+}
+
 SrsRtcPlayStreamStatistic::SrsRtcPlayStreamStatistic()
 {
     nn_rtp_pkts = 0;
@@ -1906,7 +1975,11 @@ srs_error_t SrsRtcConnection::initialize(SrsRtcStream* source, SrsRequest* r, bo
 
     if (!srtp) {
         srs_freep(transport_);
-        transport_ = new SrsSemiSecurityTransport(this);
+        if (dtls) {
+            transport_ = new SrsSemiSecurityTransport(this);
+        } else {
+            transport_ = new SrsPlaintextTransport(this);
+        }
     }
 
     SrsSessionConfig* cfg = &local_sdp.session_config_;
diff --git a/trunk/src/app/srs_app_rtc_conn.hpp b/trunk/src/app/srs_app_rtc_conn.hpp
index 8900c2990..8f696b226 100644
--- a/trunk/src/app/srs_app_rtc_conn.hpp
+++ b/trunk/src/app/srs_app_rtc_conn.hpp
@@ -158,6 +158,29 @@ public:
     virtual srs_error_t protect_rtp2(void* rtp_hdr, int* len_ptr);
 };
 
+// Plaintext transport, without DTLS or SRTP.
+class SrsPlaintextTransport : public ISrsRtcTransport
+{
+private:
+    SrsRtcConnection* session_;
+public:
+    SrsPlaintextTransport(SrsRtcConnection* s);
+    virtual ~SrsPlaintextTransport();
+public:
+    virtual srs_error_t initialize(SrsSessionConfig* cfg);
+    virtual srs_error_t start_active_handshake();
+    virtual srs_error_t on_dtls(char* data, int nb_data);
+    virtual srs_error_t on_dtls_handshake_done();
+    virtual srs_error_t on_dtls_application_data(const char* data, const int len);
+    virtual srs_error_t write_dtls_data(void* data, int size);
+public:
+    virtual srs_error_t protect_rtp(const char* plaintext, char* cipher, int& nb_cipher);
+    virtual srs_error_t protect_rtcp(const char* plaintext, char* cipher, int& nb_cipher);
+    virtual srs_error_t protect_rtp2(void* rtp_hdr, int* len_ptr);
+    virtual srs_error_t unprotect_rtp(const char* cipher, char* plaintext, int& nb_plaintext);
+    virtual srs_error_t unprotect_rtcp(const char* cipher, char* plaintext, int& nb_plaintext);
+};
+
 // A group of RTP packets for outgoing(send to players).
 class SrsRtcPlayStreamStatistic
 {