[asterisk-bugs] [JIRA] (ASTERISK-25265) [patch]DTLS Failure when calling WebRTC-peer on Firefox 39 - add ECDH support and fallback to prime256v1

Wed Jul 29 10:58:33 CDT 2015

    [ https://issues.asterisk.org/jira/browse/ASTERISK-25265?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=227097#comment-227097 ] 

Richard Mudgett edited comment on ASTERISK-25265 at 7/29/15 10:57 AM:
----------------------------------------------------------------------

Glad it helped you!  I ran in to this problem myself just last week and that's how I found your report.  I wouldn't be surprised if Chrome makes the same change eventually.  The only difference between what is attached here and what is on Gerrit is indentation.  

A couple other patches you might be interested in (these are things that got me with 13.1-cert2)

ASTERISK-24711 - Installing Asterisk with a new version of OpenSSL (what is included in an up to date Ubuntu 14.04 for example) results in a broken DTLS handshake.  This patch fixes it.  If you haven't applied this patch and your distro updates OpenSSL, you'll run in to this.

ASTERISK-25096 - Websocket related segfault.  I ran in to this when a client would go in to sleep mode and then wake up.  It would instantly segfault Asterisk.  It was a big patch (I just pulled the latest patch from Gerrit), but it works.  

With those 2 patches and the patch for ECDH support, 13.1-cert2 has been pretty solid for me so far.  

was (Author: mwduncan):
Glad it helped you!  I ran in to this problem myself just last week and that's how I found your report.  I wouldn't be surprised if Chrome makes the same change eventually.  The only difference between what is attached here and what is on Gerrit is indentation.  

A couple other patches you might be interested in (these are things that got me with 13.1-cert2)

https://issues.asterisk.org/jira/browse/ASTERISK-24711 - Installing Asterisk with a new version of OpenSSL (what is included in an up to date Ubuntu 14.04 for example) results in a broken DTLS handshake.  This patch fixes it.  If you haven't applied this patch and your distro updates OpenSSL, you'll run in to this.

https://issues.asterisk.org/jira/browse/ASTERISK-25096 - Websocket related segfault.  I ran in to this when a client would go in to sleep mode and then wake up.  It would instantly segfault Asterisk.  It was a big patch (I just pulled the latest patch from Gerrit), but it works.  

With those 2 patches and the patch for ECDH support, 13.1-cert2 has been pretty solid for me so far.  

> [patch]DTLS Failure when calling WebRTC-peer on Firefox 39 - add ECDH support and fallback to prime256v1
> --------------------------------------------------------------------------------------------------------
>
>                 Key: ASTERISK-25265
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-25265
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Core/BuildSystem, Resources/res_rtp_asterisk
>    Affects Versions: SVN, 13.1.0
>            Reporter: Stefan Engström
>         Attachments: asterisk-ecdh.patch
>
>
> This issue has already been reported by http://forums.asterisk.org/viewtopic.php?f=1&t=95417
> Whenever calling a webrtc peer which uses firefox version 39 (or 40 beta), I get  error messages like "res_rtp_asterisk.c: DTLS failure occurred on RTP instance '0x7fefe800e9e8' due to reason 'no shared cipher', terminating" after the SDP exchange, and the call terminates.
> Hopefully you can reproduce it yourself on the latest version of asterisk by using
> http://www.sipml5.org/call.htm (I'm not sure if asterisk is doing anything wrong or just firefox/sipml5)
> I will provide more info if it's not easily reproducable.

--
This message was sent by Atlassian JIRA
(v6.2#6252)