[asterisk-bugs] [JIRA] (ASTERISK-25659) res_rtp_asterisk: ECDH not negotiated causing DTLS failure occurred on RTP instance

Edwin Vandamme (JIRA) noreply at issues.asterisk.org
Wed Jun 29 12:52:56 CDT 2016 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-25659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=231243#comment-231243 ] 

Edwin Vandamme edited comment on ASTERISK-25659 at 6/29/16 12:51 PM:
---------------------------------------------------------------------

I expected that would be the reason for the OpenSSL version, makes it harder to detect problems in a specific version but then each to their own.

As for your patch, this is displayed in the console :
{quote}Connected to Asterisk 13.9.1 currently running on server (pid = 43787)
call-01*CLI> core set verbose 2
Console verbose was OFF and is now 2.
  == WebSocket connection from '1.2.3.4:37637' for protocol 'sip' accepted using version '13'
  == WebSocket connection from '1.2.3.4:37638' for protocol 'sip' accepted using version '13'
  == DTLS ECDH initialized (automatic), faster PFS cipher-suites enabled
  == Using SIP RTP TOS bits 184
  == Using SIP RTP CoS mark 5
  == DTLS ECDH initialized (automatic), faster PFS cipher-suites enabled
  == Using SIP RTP TOS bits 184
  == Using SIP RTP CoS mark 5
{quote}

This is in the normal logs :
{quote}[Jun 29 17:40:04] VERBOSE[44757][C-00000002] pbx.c: Executing [C at C-Node:77] Dial("SIP/1-00000000", "SIP/id-to-call,20,gm(SIP/1-00000000-1)U(H-CALLED^SIP/1-00000000^1018^/files/moh.wav)") in new stack
[Jun 29 17:40:04] VERBOSE[44757][C-00000002] res_rtp_asterisk.c: DTLS ECDH initialized (automatic), faster PFS cipher-suites enabled
[Jun 29 17:40:04] VERBOSE[44757][C-00000002] netsock2.c: Using SIP RTP TOS bits 184
[Jun 29 17:40:04] VERBOSE[44757][C-00000002] netsock2.c: Using SIP RTP CoS mark 5
[Jun 29 17:40:04] VERBOSE[44757][C-00000002] app_dial.c: Called SIP/id-to-call
[Jun 29 17:40:04] VERBOSE[44757][C-00000002] res_musiconhold.c: Started music on hold, class 'SIP/1-00000000-1', on channel 'SIP/1-00000000'
[Jun 29 17:40:04] VERBOSE[44757][C-00000002] app_dial.c: SIP/id-to-call-00000001 is ringing
[Jun 29 17:40:04] ERROR[44757][C-00000002] res_rtp_asterisk.c: DTLS failure occurred on RTP instance '0x7fc05c017e98' due to reason 'missing tmp ecdh key', terminating
[Jun 29 17:40:04] WARNING[44757][C-00000002] res_rtp_asterisk.c: RTP Read error: Unspecified.  Hanging up.
[Jun 29 17:40:04] VERBOSE[44757][C-00000002] app_dial.c: No one is available to answer at this time (1:0/0/0)
[Jun 29 17:40:04] VERBOSE[44757][C-00000002] res_musiconhold.c: Stopped music on hold on SIP/1-00000000
{quote}


was (Author: pay123):
I expected that would be the reason for the OpenSSL version, makes it harder to detect problems in a specific version but then each to their own.

As for your patch, this is displayed in the console :
{quote}Connected to Asterisk 13.9.1 currently running on server (pid = 43787)
call-01*CLI> core set verbose 2
Console verbose was OFF and is now 2.
  == WebSocket connection from '1.2.3.4:37637' for protocol 'sip' accepted using version '13'
  == WebSocket connection from '1.2.3.4:37638' for protocol 'sip' accepted using version '13'
  == DTLS ECDH initialized (automatic), faster PFS cipher-suites enabled
  == Using SIP RTP TOS bits 184
  == Using SIP RTP CoS mark 5
  == DTLS ECDH initialized (automatic), faster PFS cipher-suites enabled
  == Using SIP RTP TOS bits 184
  == Using SIP RTP CoS mark 5
{quote}


> res_rtp_asterisk: ECDH not negotiated causing DTLS failure occurred on RTP instance
> -----------------------------------------------------------------------------------
>
>                 Key: ASTERISK-25659
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-25659
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_rtp_asterisk
>    Affects Versions: 11.22.0, 13.9.1
>         Environment: Using the following on the server :
> CentOS	  	  	7.2	  	2015-11
> Asterisk	  	  	13.6	  	2015-10
> jansson  	  	  	2.7	  	2014-10-02
> PJSIP (pjproject)	2.4.5	2015-08-12
> sipML5  	  		2.0.2	2015-12
> Using the following on the client :
> CentOS  	  	  	7.2 KDE desktop
> Chrome Version  	47.0.2526.106 (64-bit) 
>            Reporter: Edwin Vandamme
>            Assignee: Alexander Traud
>            Severity: Minor
>         Attachments: asterisk.log, dtls_centos_step_1.patch, dtls_centos_step_2.patch, ecdh.patch
>
>
> This issue has been on the forum for over a week, but I did not get any feedback, http://forums.asterisk.org/viewtopic.php?f=1&t=96461&sid=528c724d236a38e60e868817462c6f26, so I have now escalated this as a bug report.
> Using the described environment, I get the following error in my Asterisk log :
> res_rtp_asterisk.c: DTLS failure occurred on RTP instance '0x7fe8c8024178' due to reason 'missing tmp ecdh key', terminating
> res_rtp_asterisk.c: RTP Read error: Unspecified. Hanging up.
> An earlier bug report listed this as a problem on FireFox : ASTERISK-25265
> It is said to be fixed in 13.6
> WebRTC is not yet in production on my system, due to the constant changes, but in earlier tests everything worked fine. As far as I can tell, it all started when Chrome forced the usage of https over http.
> Dialing from a WebRTC peer to Asterisks works just fine.
> For various reasons I use sip.conf, not pjsip.conf.
> Certificates used are propper certificates, not self signed versions.
> I attached (asterisk.log) part of the Asterisk log file with "sip debug on", start of call till failure.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list