[asterisk-dev] Asterisk 11; WEBRTC firefox nightly build fingeprint sha-256

Mitja Kaučič mitjaka at cde.si
Fri Feb 15 14:49:40 CST 2013

Thank you for all the answers!
So if i understand  correctly there is a possibility that a call from mozzila nightly will work if you build the asterisk with the OpenSSL library that is supporting SHA256. Or do i need to change the code inside Chan_sip.c where the verification is going on?

I think it is clear now that mozzila will only support DTLS-SRTP for encryption. Gogole and mozzila achived "interoperability" with DTLS so google is also supporting DTLS:
More on that:
Do you plan something in that regards? It would be great that asterisk would continue to be in the forefront in WEBRTC development.

Thank you and regards Mitja

-----Original Message-----
From: asterisk-dev-bounces at lists.digium.com [mailto:asterisk-dev-bounces at lists.digium.com] On Behalf Of Joshua Colp
Sent: Wednesday, January 09, 2013 1:28 PM
To: Asterisk Developers Mailing List
Subject: Re: [asterisk-dev] Asterisk 11; WEBRTC firefox nightly build fingeprint sha-256

Mitja Kaučič wrote:
> I understand. But how can then the config setting dtlscipher work. In
> default config there is stated: dtlscipher =<SSL cipher string>    ;
> Cipher to use for TLS negotiation;
> ; A list of valid SSL cipher strings can be found at:
> http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS in the
> list SHA256 is also listed.

That's because we use OpenSSL for DTLS support. Whatever your OpenSSL is
built with is supported.

> But in the  Chan_sip.c code methode "process_sdp_a_dtls" only "sha-1"
> is supported on reading the SDP, there could be issue coming from
> this. In the end there will be diffrend types of fingerprint for
> sure, gogole talks something about SHA-224. There shuld be more/all
> encryptions supported.

Sure. Like I've said once stuff stabilizes then it can be revisited.
Just a clarification though - the fingerprint isn't used for encryption.
It's for verification purposes.

Joshua Colp
Digium, Inc. | Senior Software Developer
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at:  www.digium.com  & www.asterisk.org

-- Bandwidth and Colocation Provided by http://www.api-digital.com --

asterisk-dev mailing list
To UNSUBSCRIBE or update options visit:

Posredovani dokument je namenjen izključno prejemniku (ali osebi, odgovorni za prenos tega sporočila prejemniku) ter osebam, ki so upravičene poznati v dokumentu vsebovane podatke na podlagi svojih pristojnosti. Posredovani dokument je dovoljeno uporabljati le za med pošiljateljem in prejemnikom dogovorjeni namen. Drugačno posredovanje, razmnoževanje oziroma uporaba dokumenta ni dovoljena. Dokument so vsi podatki v kakršnikoli obliki, ki jih vsebuje ta elektronska pošta. Če ste prejeli to sporočilo zaradi napake v naslovu ali pri prenosu sporočila, prosimo, da o tem obvestite pošiljatelja elektronskega sporočila.

Privileged/confidential information may be contained in this message. This communication is confidential and intended solely for the addressee(s). Unauthorized distribution, modification or disclosure of the contents may be unlawful. If you receive this in error, please notify the sender and delete it from your system.  If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone.

More information about the asterisk-dev mailing list