[asterisk-bugs] [JIRA] (ASTERISK-22961) [patch] DTLS-SRTP not working with SHA-256

Alexander gassiev (JIRA) noreply at issues.asterisk.org
Fri Jun 6 10:15:56 CDT 2014


    [ https://issues.asterisk.org/jira/browse/ASTERISK-22961?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=219136#comment-219136 ] 

Alexander gassiev edited comment on ASTERISK-22961 at 6/6/14 10:15 AM:
-----------------------------------------------------------------------

Hi all,
We use Asterisk 11.9 and patched it for use with DTLS.
But when calling, we get this error:
WARNING[7767][C-0000000a]: res_rtp_asterisk.c:1861 dtls_srtp_setup: Could not set policies when setting up DTLS-SRTP on '0x7f8230059d90'
[Jun  6 14:09:01] WARNING[7767][C-0000000a]: res_rtp_asterisk.c:4193 ast_rtp_read: RTP Read error: Unspecified.  Hanging up.

http.conf:

tlsenable=yes
tlsbindaddr=0.0.0.0:8089

user in sip.conf:

[101]
context=default
trustrpid=yes
sendrpid=no
qualify=yes
qualifyfreq=600
type=friend
regexten=101
context=out
secret=XXXXXXXXXX
encryption=yes
defaultuser=101
fromuser=101
host=dynamic
avpf=yes
transport=udp,ws,wss
icesupport=yes
directmedia=no
disallow=all
allow=ulaw
dtlsenable=yes
dtlsverify=no
dtlsrekey=60
dtlscertfile=/var/lib/asterisk/keys/asterisk.pem
dtlsprivatekey=/var/lib/asterisk/keys/asterisk.pem
dtlscipher=ALL
dtlscapath=/var/lib/asterisk/keys/
dtlssetup = actpass


 
Can anyone tell me how to fix this?

Maybe the problem is in the keys? If yes, how should I generate keys properly for Asterisk+DTLS?






was (Author: corax):
Hi all,
We use Asterisk 11.9 and patched it for use with DTLS.
But when calling, we get this error:
WARNING[7767][C-0000000a]: res_rtp_asterisk.c:1861 dtls_srtp_setup: Could not set policies when setting up DTLS-SRTP on '0x7f8230059d90'
[Jun  6 14:09:01] WARNING[7767][C-0000000a]: res_rtp_asterisk.c:4193 ast_rtp_read: RTP Read error: Unspecified.  Hanging up.
Can anyone tell me how to fix this?

Maybe the problem is in the keys? If yes, how should I generate keys properly for Asterisk+DTLS?





> [patch] DTLS-SRTP not working with SHA-256
> ------------------------------------------
>
>                 Key: ASTERISK-22961
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-22961
>             Project: Asterisk
>          Issue Type: Improvement
>      Security Level: None
>          Components: Channels/chan_sip/SRTP, Channels/chan_sip/WebSocket
>    Affects Versions: 11.6.0, 11.7.0, 11.9.0, 12.0.0-beta2
>            Reporter: Jay Jideliov
>         Attachments: 11.7 patched.zip, asterisk-11.9.0-dtls.diff, asterisk_dtls.patch, backtrace (1).txt, backtrace.txt, chan_sip.c, dtls_retransmission.patch, ice_session.c, jssip no ring.txt, Patch_11.10-Fixed-DTLS-issues.patch, Patch_11.9_JayNitesh_corrected.patch, Patch 11.9.zip, res_rtp_asterisk.c, res_rtp_asterisk.c, srtp_dtls.patch, srtp_dtls.patch, srtp_dtls.patch, wireshark.txt
>
>
> Recently it became possible to use WebSocket on Asterisk without the proxy that was previously necessary to make calls from the web browser. Although partial support has been added, full cross-browser interoperability has not been achieved yet. However, it seems to be a relatively easy task.
> Tested on Chrome+SIPML5+Asterisk 11, the connection can be established and works fine. However, because Firefox sends SHA-256 packets, which are not supported by Asterisk, support for this browser is limited by this issue.
> Step 1: Adding certificates to support DTLS
> dtlsenable = yes
> dtlsverify = no
> dtlscertfile=/etc/asterisk/keys/softphone.pem
> dtlsprivatekey=/etc/asterisk/keys/key.pem
> dtlscafile=/etc/asterisk/keys/key.pem
> Step 2: Making a call
> [Nov 25 15:05:50] WARNING[5628][C-0000005c]: chan_sip.c:11034 process_sdp_a_dtls: Unsupported fingerprint hash type 'sha-2' received on dialog '38f43a1f-15cd-ad69-c2b3-72c21b9de5fd'



--
This message was sent by Atlassian JIRA
(v6.2#6252)
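
Added example, not code from Asterisk or from any patch attached to this ticket: a parser for the SDP `fingerprint` attribute that accepts both `sha-1` and `sha-256` and rejects a digest whose length does not match the named hash, the case behind the "Unsupported fingerprint hash type" warning in the issue description. The function, enum and sample names are hypothetical, and the sample attribute is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>
enum fp_hash { FP_HASH_UNSUPPORTED = 0, FP_HASH_SHA1, FP_HASH_SHA256 };

/* Constructed sample attribute (text after "a="), not taken from the ticket. */
static const char SAMPLE_SHA256[] = "fingerprint:sha-256 "
    "00:01:02:03:04:05:06:07:08:09:0A:0B:0C:0D:0E:0F:"
    "10:11:12:13:14:15:16:17:18:19:1A:1B:1C:1D:1E:1F";

static int hexval(int c)   /* hex digit value, or -1 (also for '\0') */
{
    return !isxdigit(c) ? -1 : isdigit(c) ? c - '0' : tolower(c) - 'a' + 10;
}

/* Parse "fingerprint:<hash> HH:HH:..." with CR/LF already stripped. Writes the
 * digest to out and returns the hash type, or FP_HASH_UNSUPPORTED for an unknown
 * hash name, bad hex, or a digest length that does not match the named hash. */
enum fp_hash parse_sdp_fingerprint(const char *attr, unsigned char *out, size_t outlen)
{
    enum fp_hash h;
    size_t n, need, i;
    const char *p;
    if (strncmp(attr, "fingerprint:", 12) != 0) return FP_HASH_UNSUPPORTED;
    p = attr + 12;
    n = strcspn(p, " ");                  /* whole hash token, whatever its length */
    if (n == 5 && !strncasecmp(p, "sha-1", 5)) { h = FP_HASH_SHA1; need = 20; }
    else if (n == 7 && !strncasecmp(p, "sha-256", 7)) { h = FP_HASH_SHA256; need = 32; }
    else return FP_HASH_UNSUPPORTED;
    if (p[n] != ' ' || outlen < need) return FP_HASH_UNSUPPORTED;
    p += n + 1;
    for (i = 0; i < need; i++) {
        int hi = hexval((unsigned char)p[0]);
        int lo = hi < 0 ? -1 : hexval((unsigned char)p[1]);
        if (hi < 0 || lo < 0) return FP_HASH_UNSUPPORTED;
        out[i] = (unsigned char)((hi << 4) | lo);
        p += 2;
        if (i + 1 < need && *p++ != ':') return FP_HASH_UNSUPPORTED;
    }
    return *p == '\0' ? h : FP_HASH_UNSUPPORTED;  /* no trailing bytes allowed */
}

int main(void)
{
    unsigned char d[32];
    printf("hash type = %d\n", parse_sdp_fingerprint(SAMPLE_SHA256, d, sizeof d));
    return 0;
}
```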


