[asterisk-bugs] [JIRA] (ASTERISK-28018) IP Fragmentation happening instead of DTLS fragmentation on handshake server hello certificate

Richard Mudgett (JIRA) noreply at issues.asterisk.org
Tue Aug 21 10:48:54 CDT 2018


    [ https://issues.asterisk.org/jira/browse/ASTERISK-28018?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=244565#comment-244565 ] 

Richard Mudgett commented on ASTERISK-28018:
--------------------------------------------

The problem is in OpenSSL and not Asterisk, as described in the comments on ASTERISK-26544. The only way to fix this would be for Asterisk to know how DTLS is formatted and fragment the DTLS negotiation packets created by the OpenSSL BIO we use, or make the BIO support a fixed MTU like other BIOs have. Neither of these options is likely. Asterisk should not have to know how DTLS is formatted, as that is OpenSSL's job. Changing OpenSSL is rather difficult as so many things use it. As a workaround you need to use smaller keys to fit into the network's MTU, though that may be difficult to do with trust chains making the keys larger.

> IP Fragmentation happening instead of DTLS fragmentation on handshake server hello certificate
> ----------------------------------------------------------------------------------------------
>
>                 Key: ASTERISK-28018
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28018
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_rtp_asterisk
>    Affects Versions: 13.16.0, 15.5.0
>            Reporter: vijay kumar
>            Assignee: Unassigned
>              Labels: security, webrtc
>         Attachments: dtls ip fragment.pcapng
>
>
> When checking in Wireshark.
> IP fragmentation happening instead of DTLS fragmentation on handshake server hello certificate.
> How can I avoid IP fragmentation in case of WebRTC and Asterisk 13. DTLS handshake server hello certificate packet?
>  



--
This message was sent by Atlassian JIRA
(v6.2#6252)
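
The check the reporter made in Wireshark can be scripted. The following is an added example, not part of the original message and not Asterisk or OpenSSL code: it reads the DTLS 1.2 record and handshake headers of one UDP payload and reports whether the handshake message was fragmented at the DTLS layer and whether the datagram is large enough to need IP fragmentation. The function names, the 1500-byte MTU, the 28-byte IPv4+UDP overhead and the sample records are assumptions constructed for illustration.

```python
import struct

RECORD_HDR = 13     # type(1) version(2) epoch(2) sequence(6) length(2)
HANDSHAKE_HDR = 12  # type(1) length(3) message_seq(2) frag_offset(3) frag_length(3)
HANDSHAKE, CERTIFICATE = 22, 11

def handshake_fragments(datagram):
    """Return (msg_type, total_len, frag_offset, frag_len) for each cleartext
    (epoch 0) handshake message found in one UDP payload."""
    found, pos = [], 0
    while pos + RECORD_HDR <= len(datagram):
        ctype, _version, epoch = struct.unpack_from("!BHH", datagram, pos)
        (rec_len,) = struct.unpack_from("!H", datagram, pos + 11)
        body = datagram[pos + RECORD_HDR:pos + RECORD_HDR + rec_len]
        pos += RECORD_HDR + rec_len
        if ctype != HANDSHAKE or epoch != 0:
            continue  # other content types, or encrypted records
        off = 0
        while off + HANDSHAKE_HDR <= len(body):
            total = int.from_bytes(body[off + 1:off + 4], "big")
            frag_off = int.from_bytes(body[off + 6:off + 9], "big")
            frag_len = int.from_bytes(body[off + 9:off + 12], "big")
            found.append((body[off], total, frag_off, frag_len))
            off += HANDSHAKE_HDR + frag_len
    return found

def assess(datagram, path_mtu=1500, ip_udp_overhead=28):
    """path_mtu and the IPv4+UDP overhead (20+8) are assumed defaults."""
    frags = handshake_fragments(datagram)
    return {
        "udp_payload": len(datagram),
        "needs_ip_fragmentation": len(datagram) + ip_udp_overhead > path_mtu,
        "dtls_fragmented": any(fl < total for _, total, _, fl in frags),
    }

def make_record(msg_type, total_len, frag_off, frag_len):
    """Constructed sample: one DTLS 1.2 handshake record with a zero-filled body."""
    hs = (bytes([msg_type]) + total_len.to_bytes(3, "big") + bytes(2)
          + frag_off.to_bytes(3, "big") + frag_len.to_bytes(3, "big")
          + bytes(frag_len))
    return (bytes([HANDSHAKE]) + b"\xfe\xfd" + bytes(2) + bytes(6)
            + len(hs).to_bytes(2, "big") + hs)

if __name__ == "__main__":
    # Constructed 2000-byte Certificate: sent whole, then as a 1200-byte fragment.
    print(assess(make_record(CERTIFICATE, 2000, 0, 2000)))
    print(assess(make_record(CERTIFICATE, 2000, 0, 1200)))
```

The first constructed record matches the behaviour reported in the issue (one oversized datagram with an unfragmented Certificate); the second shows what a DTLS-layer fragment that fits the MTU looks like.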


