[asterisk-bugs] [JIRA] (ASTERISK-22961) [patch] DTLS-SRTP not working with SHA-256
NITESH BANSAL (JIRA)
noreply at issues.asterisk.org
Wed Feb 26 03:10:03 CST 2014
[ https://issues.asterisk.org/jira/browse/ASTERISK-22961?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=215661#comment-215661 ]
NITESH BANSAL edited comment on ASTERISK-22961 at 2/26/14 3:08 AM:
-------------------------------------------------------------------
Hi Jay,
Here are the answers to your questions:
1. I fixed it in JS Side, because asterisk is correct in its behaviour. For DTLS-SRTP, media profile should be UDP/TLS/RTP/SAVP(F).
2. I just made 1 line change in JS-SIP,i'll paste the code snippet here:
{code}
--- jssip-0.3.0.js
+++ jssip-0.3.0.js
@@ -3313,7 +3313,10 @@
setLocalDescription: function(sessionDescription, onFailure) {
this.peerConnection.setLocalDescription(
sessionDescription,
- null,
+ function(e)
+ {
+ console.log(LOG_PREFIX +"Set the local description");
+ },
function(e) {
console.error(LOG_PREFIX +'unable to set local description');
console.error(e);
@@ -4403,7 +4406,8 @@
if (self.isCanceled || self.status === C.STATUS_TERMINATED) {
return;
}
-
+ /*Replace RTP/SAVPF by UDP/TLS/RTP/SAVPF to propose DTLS */
+ offer = offer.replace(/\s+RTP\/SAVPF\s+/gm, " UDP/TLS/RTP/SAVPF ");
self.request.body = offer;
self.status = C.STATUS_INVITE_SENT;
request_sender.send();
{code}
3. Yes i am also facing one way audio issues with DTLS-SRTP, but the issue isn't because of DTLS-SRTP, it seems that real issue is ICE negotiation.
I have made couple of fixes, but there are some more issues. You can refer to the JIRA https://issues.asterisk.org/jira/browse/ASTERISK-23337
was (Author: nbansal):
Hi Jay,
Here are the answers to your questions:
1. I fixed it in JS Side, because asterisk is correct in its behaviour. For DTLS-SRTP, media profile should be UDP/TLS/RTP/SAVP(F).
2. I just made 1 line change in JS-SIP,i'll paste the code snippet here:
--- jssip-0.3.0.js
+++ jssip-0.3.0.js
@@ -3313,7 +3313,10 @@
setLocalDescription: function(sessionDescription, onFailure) {
this.peerConnection.setLocalDescription(
sessionDescription,
- null,
+ function(e)
+ {
+ console.log(LOG_PREFIX +"Set the local description");
+ },
function(e) {
console.error(LOG_PREFIX +'unable to set local description');
console.error(e);
@@ -4403,7 +4406,8 @@
if (self.isCanceled || self.status === C.STATUS_TERMINATED) {
return;
}
-
+ /*Replace RTP/SAVPF by UDP/TLS/RTP/SAVPF to propose DTLS */
+ offer = offer.replace(/\s+RTP\/SAVPF\s+/gm, " UDP/TLS/RTP/SAVPF ");
self.request.body = offer;
self.status = C.STATUS_INVITE_SENT;
request_sender.send();
3. Yes i am also facing one way audio issues with DTLS-SRTP, but the issue isn't because of DTLS-SRTP, it seems that real issue is ICE negotiation.
I have made couple of fixes, but there are some more issues. You can refer to the JIRA https://issues.asterisk.org/jira/browse/ASTERISK-23337
> [patch] DTLS-SRTP not working with SHA-256
> ------------------------------------------
>
> Key: ASTERISK-22961
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-22961
> Project: Asterisk
> Issue Type: Improvement
> Security Level: None
> Components: Channels/chan_sip/SRTP, Channels/chan_sip/WebSocket
> Affects Versions: 11.6.0, 12.0.0-beta2
> Reporter: Jay Jideliov
> Attachments: 11.7 patched.zip, asterisk_dtls.patch, chan_sip.c, ice_session.c, res_rtp_asterisk.c, res_rtp_asterisk.c, srtp_dtls.patch, srtp_dtls.patch
>
>
> Recently it became possible to use websocket on asterisk without a proxy previously necessary to make calls from the web browser. Although partial support has been added, full browser cross-operability has not been achieved yet. However, it seems to be a relatively easy task.
> Tested on Chrome+SIPML5+Asterisk 11, the connection can be established and works fine. However, due to the fact that Firefox sends SHA-256 packets which are not supported by asterisk, hence the support for this browser is limited by this issue.
> Step 1: Adding certificates to support DTLS
> dtlsenable = yes
> dtlsverify = no
> dtlscertfile=/etc/asterisk/keys/softphone.pem
> dtlsprivatekey=/etc/asterisk/keys/key.pem
> dtlscafile=/etc/asterisk/keys/key.pem
> Step 2: Making a call
> [Nov 25 15:05:50] WARNING[5628][C-0000005c]: chan_sip.c:11034 process_sdp_a_dtls: Unsupported fingerprint hash type 'sha-2' received on dialog '38f43a1f-15cd-ad69-c2b3-72c21b9de5fd'
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the asterisk-bugs
mailing list