[asterisk-bugs] [JIRA] (ASTERISK-22961) [patch] DTLS-SRTP not working with SHA-256

Jay Jideliov (JIRA) noreply at issues.asterisk.org
Tue Feb 25 12:20:05 CST 2014 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-22961?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=215646#comment-215646 ] 

Jay Jideliov commented on ASTERISK-22961:
-----------------------------------------

Nitesh,

1) Is there a reason why you chose to address this on the JS side vs. by modifying this patch?

2) It would be also very helpful if you could post your modified JSSIP files for testing/analyzing behavior on incoming calls, since that issue was somehow (but not fully) addressed in SIPML as well (without a resolution), so finding how this can be incorporated into Asterisk should now be a priority.

3)Have you experienced any issues when making calls (with DTLS-SRTP) behind NAT? This is another issue I have encountered - although the sound is working fine in a no-NAT setup, there is no sound flowing between the parties when one of them is behind NAT. However, when DTLS-SRTP is not involved, same calls work fine both with and without NAT involved.
                
> [patch] DTLS-SRTP not working with SHA-256
> ------------------------------------------
>
>                 Key: ASTERISK-22961
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-22961
>             Project: Asterisk
>          Issue Type: Improvement
>      Security Level: None
>          Components: Channels/chan_sip/SRTP, Channels/chan_sip/WebSocket
>    Affects Versions: 11.6.0, 12.0.0-beta2
>            Reporter: Jay Jideliov
>         Attachments: 11.7 patched.zip, asterisk_dtls.patch, chan_sip.c, ice_session.c, res_rtp_asterisk.c, res_rtp_asterisk.c, srtp_dtls.patch, srtp_dtls.patch
>
>
> Recently it became possible to use websocket on asterisk without a proxy previously necessary to make calls from the web browser. Although partial support has been added, full browser cross-operability has not been achieved yet. However, it seems to be a relatively easy task.
> Tested on Chrome+SIPML5+Asterisk 11, the connection can be established and works fine. However, due to the fact that Firefox sends SHA-256 packets which are not supported by asterisk, hence the support for this browser is limited by this issue.
> Step 1: Adding certificates to support DTLS
> dtlsenable = yes
> dtlsverify = no
> dtlscertfile=/etc/asterisk/keys/softphone.pem
> dtlsprivatekey=/etc/asterisk/keys/key.pem
> dtlscafile=/etc/asterisk/keys/key.pem
> Step 2: Making a call
> [Nov 25 15:05:50] WARNING[5628][C-0000005c]: chan_sip.c:11034 process_sdp_a_dtls: Unsupported fingerprint hash type 'sha-2' received on dialog '38f43a1f-15cd-ad69-c2b3-72c21b9de5fd'

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the asterisk-bugs mailing list