[asterisk-bugs] [JIRA] (ASTERISK-26130) [patch] WebRTC: Should use latest DTLS version.

[Alexander Traud (JIRA)]

Alexander Traud created ASTERISK-26130:
------------------------------------------

             Summary: [patch] WebRTC: Should use latest DTLS version.
                 Key: ASTERISK-26130
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-26130
             Project: Asterisk
          Issue Type: Bug
      Security Level: None
          Components: Resources/res_rtp_asterisk
    Affects Versions: 13.9.1, 11.22.0
            Reporter: Alexander Traud
            Severity: Minor


Asterisk uses OpenSSL als crypto library. Currently for DTLS, the first version (based on TLS 1.1) is used -- always. DTLS 1.0 is used even if the installed OpenSSL supports newer DTLS versions. For example since OpenSSL 1.0.2 -- included in Ubuntu 16.04 LTS -- DTLS 1.2 is supported.

DTLS 1.2 is used by Mozilla Firefox for WebRTC ([DTLS-SRTP|https://tools.ietf.org/html/rfc5764] via [SIP-over-Secure-WebSockets|https://tools.ietf.org/html/rfc7118]). Furthermore, DTLS 1.2 is required for AEAD-based cipher-suites like {{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}} and/or {{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}}.



--
This message was sent by Atlassian JIRA
(v6.2#6252)