[asterisk-dev] Asterisk 11; WEBRTC firefox nightly build fingerprint sha-256

Matthew Jordan mjordan at digium.com
Fri Feb 22 15:09:10 CST 2013


On 02/22/2013 10:40 AM, Mitja Kaučič wrote:
> Hello Joshua and Matthew.
> 
> I would be happy to contribute with a patch.
> I just need the following info:
> 1. With which client can I test the current implementation of DTLS-SRTP on Asterisk?

They're rather hard to find.

When Josh wrote DTLS-SRTP support for Asterisk, we did a fairly
exhaustive search looking for clients that (a) supported DTLS-SRTP and
(b) could be pointed at Asterisk. At the time, no clients met both
criteria. Those that did support DTLS-SRTP were working hard on creating
closed networks that did not allow another B2BUA to participate.

We tested it by pointing two Asterisk instances at each other and
running Wireshark. And staring at a lot of pcaps.

That situation may have changed.

> 2. To configure DTLS-SRTP properly, is it enough to just set dtlsenable=yes, or do I need dtlsverify and to set DTLS certificates for basic functionality?

You need a bit more than that. You'll need:
1) The correct version of OpenSSL that supports DTLS installed and
Asterisk built using it
2) CA and cert files generated that will be used by the RTP engine
3) Properly configured endpoints. For a test run of Asterisk <->
Asterisk, the configuration of one instance of Asterisk looked something
like this:

[peer-template](!)
directmedia = no
disallow = all
allow = g722
allow = gsm
allow = ulaw

[dtls-template](!,peer-template)
encryption = yes
dtlsenable = yes
dtlsverify = yes
dtlsrekey = 60
dtlscafile = /etc/asterisk/ca.crt
dtlscertfile = /etc/asterisk/asterisk01.pem
dtlssetup = actpass

[asterisk-01](dtls-template)
type = peer
secret = asterisk-01
host = x.x.x.x
context = from-asterisk-01
insecure = invite

-- 
Matthew Jordan
Digium, Inc. | Engineering Manager
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at: http://digium.com & http://asterisk.org
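
The template inheritance and the DTLS prerequisites from the reply above, as an added example that is not part of the original message or of Asterisk. The function names and the second peer are hypothetical, the sample is constructed, and the two checks are assumptions drawn from items 2 and 3 of the list.

```python
import re

# Constructed sample in the template syntax shown in the reply above.
SAMPLE = """\
[peer-template](!)
directmedia = no
[dtls-template](!,peer-template)
dtlsenable = yes
dtlsverify = yes
dtlscafile = /etc/asterisk/ca.crt
dtlscertfile = /etc/asterisk/asterisk01.pem
[asterisk-01](dtls-template)
type = peer
[asterisk-02](peer-template)   ; hypothetical peer: DTLS on, no cert or CA
type = peer
dtlsenable = yes
dtlsverify = yes
"""

HEADER = re.compile(r"^\[([^\]]+)\](?:\(([^)]*)\))?\s*$")

def effective_sections(text):
    """Resolve (!) templates and (parent) inheritance; return the
    effective settings of every non-template section."""
    resolved, concrete, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        m = HEADER.match(line)
        if m:
            opts = [o.strip() for o in (m.group(2) or "").split(",") if o.strip()]
            current = {}
            for parent in (o for o in opts if o != "!"):
                current.update(resolved[parent])  # parent must appear earlier
            resolved[m.group(1)] = current
            if "!" not in opts:
                concrete.append(m.group(1))
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            # Last value wins; enough for the single-valued dtls* keys.
            current[key.strip().lower()] = value.strip()
    return {name: resolved[name] for name in concrete}

def audit_dtls(s):
    """List missing DTLS prerequisites for one peer's effective settings."""
    on = lambda k: s.get(k, "no").lower() in ("yes", "true", "1", "on")
    checks = [
        ("dtlscertfile", on("dtlsenable"), "dtlsenable=yes but no dtlscertfile"),
        ("dtlscafile", on("dtlsenable") and on("dtlsverify"), "dtlsverify=yes but no dtlscafile"),
    ]
    return [msg for key, needed, msg in checks if needed and not s.get(key)]
```

Running `audit_dtls` over each entry of `effective_sections(SAMPLE)` shows which peers inherit a complete DTLS setup from their template and which ones enable DTLS without the files it depends on.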




