[asterisk-bugs] [JIRA] (ASTERISK-22961) [patch] DTLS-SRTP not working with SHA-256

Joshua Colp (JIRA) noreply at issues.asterisk.org
Thu Jun 26 10:40:00 CDT 2014


    [ https://issues.asterisk.org/jira/browse/ASTERISK-22961?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=219999#comment-219999 ] 

Joshua Colp commented on ASTERISK-22961:
----------------------------------------

This is correct. I have been working on a branch to cover not just SHA-256 support but all the other things that have crept up. It is going up for code review at https://reviewboard.asterisk.org/r/3679/ and after going through review will be incorporated into the Asterisk 11 branch, and ultimately the next release.

I've tested the code against Chrome, Yandex Browser, Opera, Maxthon, and Firefox. I was able to achieve two-way audio for inbound and outbound calls with all of them. In the case of Chrome-based browsers, I was also able to hold/unhold using sipml5. For Firefox this is not currently working, and I will be sending an email to the sipml5 mailing list to discuss the best course of action going forward for it.

If you would like to test it yourself you are more than welcome. The easiest way is to check out the branch itself using subversion with the following command:

svn co http://svn.asterisk.org/svn/asterisk/team/file/sha256-a-harsh-reality

Once done, go into the sha256-a-harsh-reality directory and compile Asterisk like you normally would.

Please post feedback on this issue. I know that at least one person has already checked it out and confirmed that it has fixed many problems for them.

Cheers,

> [patch] DTLS-SRTP not working with SHA-256
> ------------------------------------------
>
>                 Key: ASTERISK-22961
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-22961
>             Project: Asterisk
>          Issue Type: Improvement
>      Security Level: None
>          Components: Channels/chan_sip/SRTP, Channels/chan_sip/WebSocket
>    Affects Versions: 11.6.0, 11.7.0, 11.9.0, 12.0.0-beta2
>            Reporter: Jay Jideliov
>            Assignee: Joshua Colp
>         Attachments: 11.7 patched.zip, asterisk-11.10.0-dtls.patch, asterisk-11.9.0-dtls.diff, asterisk_dtls.patch, backtrace (1).txt, backtrace.txt, chan_sip.c, dtls_retransmission.patch, ice_session.c, jssip no ring.txt, Patch 11.9.zip, res_rtp_asterisk.c, res_rtp_asterisk.c, srtp_dtls.patch, srtp_dtls.patch, srtp_dtls.patch, wireshark.txt
>
>
> Recently it became possible to use WebSocket on Asterisk without the proxy that was previously necessary to make calls from the web browser. Although partial support has been added, full browser cross-operability has not been achieved yet. However, it seems to be a relatively easy task.
> Tested on Chrome+SIPML5+Asterisk 11, the connection can be established and works fine. However, because Firefox sends SHA-256 packets, which are not supported by Asterisk, support for this browser is limited by this issue.
> Step 1: Adding certificates to support DTLS
> dtlsenable = yes
> dtlsverify = no
> dtlscertfile=/etc/asterisk/keys/softphone.pem
> dtlsprivatekey=/etc/asterisk/keys/key.pem
> dtlscafile=/etc/asterisk/keys/key.pem
> Step 2: Making a call
> [Nov 25 15:05:50] WARNING[5628][C-0000005c]: chan_sip.c:11034 process_sdp_a_dtls: Unsupported fingerprint hash type 'sha-2' received on dialog '38f43a1f-15cd-ad69-c2b3-72c21b9de5fd'



--
This message was sent by Atlassian JIRA
(v6.2#6252)
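
The warning quoted in the issue prints the hash name as 'sha-2', and the report is that SHA-256 fingerprints are rejected. As an added example (not Asterisk's code and not the branch under review), this C sketch parses an SDP fingerprint attribute, reads the full hash token, and checks the digest length for sha-1 and sha-256; every name in it (parse_dtls_fingerprint, struct dtls_fingerprint, fp_status) is hypothetical.

```c
#include <ctype.h>
#include <string.h>
#include <strings.h>

enum fp_status { FP_OK, FP_MALFORMED, FP_UNSUPPORTED_HASH, FP_BAD_LENGTH };
struct dtls_fingerprint { const char *hash; unsigned char digest[32]; size_t len; };

/* Accepted hash functions and their digest sizes in bytes; NULL ends the table. */
static const struct { const char *name; size_t len; } fp_hashes[] = {
    { "sha-1", 20 }, { "sha-256", 32 }, { NULL, 0 }
};

static int hexval(int c)
{
    return isdigit(c) ? c - '0' : isxdigit(c) ? toupper(c) - 'A' + 10 : -1;
}

/* Hypothetical helper: parse "fingerprint:sha-256 AB:CD:..." (CRLF already stripped). */
enum fp_status parse_dtls_fingerprint(const char *attr, struct dtls_fingerprint *out)
{
    char name[16];
    size_t i, n;

    if (strncmp(attr, "fingerprint:", 12) != 0) return FP_MALFORMED;
    attr += 12;
    n = strcspn(attr, " ");
    /* Copy the whole hash token; an over-long one is rejected, never cut short. */
    if (n == 0 || n >= sizeof(name) || attr[n] != ' ') return FP_MALFORMED;
    memcpy(name, attr, n);
    name[n] = '\0';
    attr += n + 1;
    for (i = 0; fp_hashes[i].name && strcasecmp(name, fp_hashes[i].name) != 0; i++) ;
    if (!fp_hashes[i].name) return FP_UNSUPPORTED_HASH;
    /* Decode colon-separated hex pairs without writing past the digest buffer. */
    for (n = 0; ; ) {
        int hi = hexval((unsigned char)attr[0]);
        int lo = hi < 0 ? -1 : hexval((unsigned char)attr[1]);
        if (lo < 0) return FP_MALFORMED;
        if (n == sizeof(out->digest)) return FP_BAD_LENGTH;
        out->digest[n++] = (unsigned char)(hi << 4 | lo);
        attr += 2;
        if (*attr == '\0') break;
        if (*attr++ != ':') return FP_MALFORMED;
    }
    if (n != fp_hashes[i].len) return FP_BAD_LENGTH;
    out->hash = fp_hashes[i].name;
    out->len = n;
    return FP_OK;
}
```

The decoded digest is what a DTLS stack would compare against the hash of the peer certificate presented in the handshake; that comparison needs a crypto library and is left out here.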


