[asterisk-bugs] [JIRA] (ASTERISK-25659) res_rtp_asterisk: ECDH not negotiated causing DTLS failure occurred on RTP instance

Edwin Vandamme (JIRA) noreply at issues.asterisk.org
Wed Jun 22 14:49:57 CDT 2016 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-25659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=231117#comment-231117 ] 

Edwin Vandamme commented on ASTERISK-25659:
-------------------------------------------

Alexander,

I have been using Asterisk 13 from day one as I upgraded from 12.
The problem only popped up after 13.6 .
Though shortly before that CentOS upgraded from 7.1 to 7.2 (that would have been 201511)
If I remember correctly I did switch back to 13.5 and that did not have a problem with CentOS 7.2.
I did try installing OpenSSL on CentOS 7.2 from source and that showed the same problem.

All this led me to believe the problem lies with Asterisk.

In hindsight I rather think it has to do with the picking order of the required cipher.
I believe recently there was something released to set the available ciphers, so that might fix the problem, but I need to dive into it again to be 100% sure.


So I will try and :
1) get the CentOS code for OpenSSL, so you can have a look at it.
2) verify if the cipher can be set.
3) verify if the latest Chrome 51.0.2704.84 (64-bit) might fix the problem (in case the browser selects the cipher)

As my systems are still not in production (don't you hate that), I have the means to do some testing on a real life environment instead of a test environment.


> res_rtp_asterisk: ECDH not negotiated causing DTLS failure occurred on RTP instance
> -----------------------------------------------------------------------------------
>
>                 Key: ASTERISK-25659
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-25659
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_rtp_asterisk
>    Affects Versions: 11.22.0, 13.9.1
>         Environment: Using the following on the server :
> CentOS	  	  	7.2	  	2015-11
> Asterisk	  	  	13.6	  	2015-10
> jansson  	  	  	2.7	  	2014-10-02
> PJSIP (pjproject)	2.4.5	2015-08-12
> sipML5  	  		2.0.2	2015-12
> Using the following on the client :
> CentOS  	  	  	7.2 KDE desktop
> Chrome Version  	47.0.2526.106 (64-bit) 
>            Reporter: Edwin Vandamme
>            Assignee: Alexander Traud
>            Severity: Minor
>         Attachments: asterisk.log, dtls_centos_step_1.patch, dtls_centos_step_2.patch, ecdh.patch
>
>
> This issue has been on the forum for over a week, but I did not get any feedback, http://forums.asterisk.org/viewtopic.php?f=1&t=96461&sid=528c724d236a38e60e868817462c6f26, so I have now escalated this as a bug report.
> Using the described environment, I get the following error in my Asterisk log :
> res_rtp_asterisk.c: DTLS failure occurred on RTP instance '0x7fe8c8024178' due to reason 'missing tmp ecdh key', terminating
> res_rtp_asterisk.c: RTP Read error: Unspecified. Hanging up.
> An earlier bug report listed this as a problem on FireFox : ASTERISK-25265
> It is said to be fixed in 13.6
> WebRTC is not yet in production on my system, due to the constant changes, but in earlier tests everything worked fine. As far as I can tell, it all started when Chrome forced the usage of https over http.
> Dialing from a WebRTC peer to Asterisks works just fine.
> For various reasons I use sip.conf, not pjsip.conf.
> Certificates used are propper certificates, not self signed versions.
> I attached (asterisk.log) part of the Asterisk log file with "sip debug on", start of call till failure.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list