[asterisk-bugs] [JIRA] (ASTERISK-25265) DTLS Failure when calling WebRTC-peer on Firefox 39

Mark Duncan (JIRA) noreply at issues.asterisk.org
Tue Jul 28 05:22:33 CDT 2015 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-25265?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=227064#comment-227064 ] 

Mark Duncan edited comment on ASTERISK-25265 at 7/28/15 5:22 AM:
-----------------------------------------------------------------

Attached patch will add ECDH support to Asterisk.  It will detect auto ECDH in OpenSSL (1.0.2b and above) during ./configure.  If this is available, it will use it, otherwise it will fall back to prime256v1 (this behavior is consistent with other projects such as Apache and nginx).  

This fixes WebRTC being broken in Firefox 38+ due to Firefox now only supporting ciphers with perfect forward secrecy.

Tested against master and 13.1-cert2.  

Apply with {{patch -p1 < [path to patch]}} in your Asterisk source dir to apply it.


was (Author: mwduncan):
Attached patch will add ECDH support to Asterisk.  It will detect auto ECDH in OpenSSL (1.0.2b and above) during ./configure.  If this is available, it will use it, otherwise it will fall back to prime256v1 (this behavior is consistent with other projects such as Apache and nginx).  

This fixes WebRTC being broken in Firefox 38+ due to Firefox now only supporting ciphers with perfect forward secrecy.

Tested against master and 13.1-cert2.  

> DTLS Failure when calling WebRTC-peer on Firefox 39 
> ----------------------------------------------------
>
>                 Key: ASTERISK-25265
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-25265
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>    Affects Versions: 13.1.0
>            Reporter: Stefan Engström
>         Attachments: asterisk-ecdh.patch
>
>
> This issue has already been reported by http://forums.asterisk.org/viewtopic.php?f=1&t=95417
> Whenever calling a webrtc peer which uses firefox version 39 (or 40 beta), I get  error messages like "res_rtp_asterisk.c: DTLS failure occurred on RTP instance '0x7fefe800e9e8' due to reason 'no shared cipher', terminating" after the SDP exchange, and the call terminates.
> Hopefully you can reproduce it yourself on the latest version of asterisk by using
> http://www.sipml5.org/call.htm (I'm not sure if asterisk is doing anything wrong or just firefox/sipml5)
> I will provide more info if it's not easily reproducable.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list